[ALSA-2026:13498] Important: dovecot security update
Type:
security
Severity:
important
Release date:
2026-05-06
Description:
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es): * dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (CVE-2025-59032) * dovecot: denial of service via crafted message before authentication (CVE-2026-27858) * dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 dovecot-mysql-2.3.21-16.el10_1.1.aarch64.rpm 2d1d35ef029ccd2207a9f96397ad509d0915010834a88e9dff576682e5a54270
aarch64 dovecot-2.3.21-16.el10_1.1.aarch64.rpm 3d78e47e298f8af29d19931b81a70c04e952d234d20e37cb3d736a939315c3bc
aarch64 dovecot-devel-2.3.21-16.el10_1.1.aarch64.rpm 6bd3b24cb30faeed731f54df99196295da54305d7d39c50a1e4b264b773f3650
aarch64 dovecot-pigeonhole-2.3.21-16.el10_1.1.aarch64.rpm 6c1e249cd951f112d9f48df9211b731c64ca1782fbb6086dba249ce1db034073
aarch64 dovecot-pgsql-2.3.21-16.el10_1.1.aarch64.rpm b3fcaeb6b47f6df3daaa09a03664b2188117f0cb8f1374b5ca231732751f2f0e
ppc64le dovecot-pigeonhole-2.3.21-16.el10_1.1.ppc64le.rpm 13f64ed61624ef2dcbcd16d6d2ca89bdb45be1bf976c6bea4855662595c509e7
ppc64le dovecot-pgsql-2.3.21-16.el10_1.1.ppc64le.rpm 227bab98980f53cecc8784634ae0f891c94b8ad9a4155e3d54447d421ef073f2
ppc64le dovecot-2.3.21-16.el10_1.1.ppc64le.rpm 3a5fadc9479c7ca265fc93e3e10d7cec6c861a61ab3a3225f6428bf01ec60892
ppc64le dovecot-mysql-2.3.21-16.el10_1.1.ppc64le.rpm 6d555998a6b2454795c947d728a361bf8125bad61bd92d1346135220acb46f87
ppc64le dovecot-devel-2.3.21-16.el10_1.1.ppc64le.rpm c7e13a76d57e288b98226afcafa7baeff870620bc7f7dfa91267e3d9bf7c8641
s390x dovecot-devel-2.3.21-16.el10_1.1.s390x.rpm 1cbeae19b2aec3cb744053f3751da8edda4615a297c7faa60ca84251f13896ac
s390x dovecot-2.3.21-16.el10_1.1.s390x.rpm 3ce4fdaa8c7e58078016b013faeaa6b665f2da98f13c81af1cc3a8a854cd4610
s390x dovecot-mysql-2.3.21-16.el10_1.1.s390x.rpm 532aecddd30b40cc20ef14189c9982e95ae262c60901572151c370a29d840421
s390x dovecot-pigeonhole-2.3.21-16.el10_1.1.s390x.rpm b836df5e83f7956ad435f247f880939edcc596ff3268c066af80bec132bc577d
s390x dovecot-pgsql-2.3.21-16.el10_1.1.s390x.rpm d753789e1d628c514d504b07e66ddedbd513314605403c2c3e5bd967d4c6cac3
x86_64 dovecot-pigeonhole-2.3.21-16.el10_1.1.x86_64.rpm 323f2a6c6d59cd3cb018c2e7558ce4d3016a9006b59b61833c38db6422b10270
x86_64 dovecot-2.3.21-16.el10_1.1.x86_64.rpm 4e4ee17703ef69e2a6954103e8ebeb0af847bc33ea0bd9211da170348b61f834
x86_64 dovecot-mysql-2.3.21-16.el10_1.1.x86_64.rpm 8a4cd27f58c0a9a972506544d17268fbfae9f4d1421ae0e7ee70ba219a5afbeb
x86_64 dovecot-pgsql-2.3.21-16.el10_1.1.x86_64.rpm 9a20ac01dd3e997f9874ec1c7a01e765350dc27d74281f0950ffc55d64424815
x86_64 dovecot-devel-2.3.21-16.el10_1.1.x86_64.rpm b091c0580ff9d2af7cedf1cd50cfb3edebb1af09787a7dbf9f76c56b7c3399e1
x86_64_v2 dovecot-mysql-2.3.21-16.el10_1.1.x86_64_v2.rpm 02a3087877e5e1d80510e4155220150e7e0e4b68d48e18f00224c578f6898e9b
x86_64_v2 dovecot-devel-2.3.21-16.el10_1.1.x86_64_v2.rpm 0a8af554b484605b3d1ad4d1cde25df4593e48390f747791454770dfe942721c
x86_64_v2 dovecot-pgsql-2.3.21-16.el10_1.1.x86_64_v2.rpm 26c07f8898b2a18e0697781ecdfd671469355ca8f29f0a425b8fa5ebbaf30e7c
x86_64_v2 dovecot-2.3.21-16.el10_1.1.x86_64_v2.rpm f10f0d2b48c02bd9359c258896c86ee89c224f26efed5eedc56a117d93d5a7eb
x86_64_v2 dovecot-pigeonhole-2.3.21-16.el10_1.1.x86_64_v2.rpm fc1f048dc6e5bef19f0395c4066b8b06c672aa0b2304009d8e78c70611021283
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.