ALSA-2026:13830

[ALSA-2026:13830] Important: dovecot security update

Type:

security

Severity:

important

Release date:

2026-05-05

Description:

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.   

Security Fix(es):  

  * dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (CVE-2025-59032)
  * dovecot: denial of service via crafted message before authentication (CVE-2026-27858)
  * dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	dovecot-mysql-2.3.16-7.el8_10.aarch64.rpm	0dbc024f3022b10c416623b50f24e59df08edee168f7640c06dbac9927180005
aarch64	dovecot-devel-2.3.16-7.el8_10.aarch64.rpm	332de1de7db93332bf0d7cbc72cd0c7ac88ec720d7f5a70cb1cffc09626760c4
aarch64	dovecot-pigeonhole-2.3.16-7.el8_10.aarch64.rpm	53bf0229638c7818b562414df4f82afda3ef26e801d9edd82db4dfc66488358f
aarch64	dovecot-2.3.16-7.el8_10.aarch64.rpm	73d573698116db81ad227de3e4af8324770ad31148a2b2532620aa245490aa8d
aarch64	dovecot-pgsql-2.3.16-7.el8_10.aarch64.rpm	79ee5d02258807f9849512ec23d2949f1efb173b6ad18e74909f72c962259947
i686	dovecot-2.3.16-7.el8_10.i686.rpm	315078cbbfa80e006d09e7720ee445caddccfea752bb67aa8548354dcbb722e4
i686	dovecot-devel-2.3.16-7.el8_10.i686.rpm	cdbba0cad62378c9a824d1bb3f38512198334adf8b7a9e47f2896ca7acacc3e8
ppc64le	dovecot-devel-2.3.16-7.el8_10.ppc64le.rpm	62221d5c52bfbb1a8a9a7b3720c1a9f96a3053517452b9f78864ec8d2f173305
ppc64le	dovecot-pigeonhole-2.3.16-7.el8_10.ppc64le.rpm	7209dc8119b5b5717020313c2774a053f9463588052cce8ea63bfd9914730b76
ppc64le	dovecot-pgsql-2.3.16-7.el8_10.ppc64le.rpm	9b9673ae88b393c0e76eb21e013a6e2426fbc51d99f662074eef598de7cbdd54
ppc64le	dovecot-2.3.16-7.el8_10.ppc64le.rpm	c740141a6eae59601b880089a88bd622b717b5be6cc244b540d194ebc90a394e
ppc64le	dovecot-mysql-2.3.16-7.el8_10.ppc64le.rpm	fb7f9164b4b366009185246bf612d865ac84fe1113af8e9f09f9bec5fd988e42
s390x	dovecot-devel-2.3.16-7.el8_10.s390x.rpm	17804a658ecf1de5fc79b30e23c383f551c6e50a4d41ccfed107ebc418219d7b
s390x	dovecot-pigeonhole-2.3.16-7.el8_10.s390x.rpm	707c42d5cd48c0d9a6246000359d1c58dbb16d3e10c88b902c762f57f3f78690
s390x	dovecot-mysql-2.3.16-7.el8_10.s390x.rpm	cfb8b833c12b71103a221411a7b403cae79cf81f5842aaccc2202a14d9f0fbf3
s390x	dovecot-pgsql-2.3.16-7.el8_10.s390x.rpm	e8ba1daf69c842b357ea12e23ca5f01107ac13136ff01d338fe1e75ab9c9b52b
s390x	dovecot-2.3.16-7.el8_10.s390x.rpm	ea36f76f08640ced1768ffb9d9a77f1f13de382f15d9a00ee82e028304268c36
x86_64	dovecot-devel-2.3.16-7.el8_10.x86_64.rpm	05fe2f0a9650e1318afb2da1e5775ea8c39ac91a133e30ad965a9d5acc23ac22
x86_64	dovecot-mysql-2.3.16-7.el8_10.x86_64.rpm	4751c201cfd2e29800abcefe52509a5f65f709bcbcb549673879d4323cdf6b2b
x86_64	dovecot-2.3.16-7.el8_10.x86_64.rpm	7dd13396eee1a6f1adfae4a178e12ca69c94c86622ebb98ca315e258b004c02e
x86_64	dovecot-pigeonhole-2.3.16-7.el8_10.x86_64.rpm	9090d5f6727b94cf94b12a7a5fa0a9732657a731796a11714c6242f215eafdc4
x86_64	dovecot-pgsql-2.3.16-7.el8_10.x86_64.rpm	be9bf7d4e75c285685f3fb6cb79186f8bab6cd4c28322b19188fdb0372245dd5

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.