ALSA-2026:13857

[ALSA-2026:13857] Important: dovecot security update

Type:

security

Severity:

important

Release date:

2026-05-06

Description:

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.   

Security Fix(es):  

  * dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (CVE-2025-59032)
  * dovecot: denial of service via crafted message before authentication (CVE-2026-27858)
  * dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	dovecot-pigeonhole-2.3.16-15.el9_7.1.aarch64.rpm	11eab02c12e8fcd60b6c5380732ea0d3550cd606ab929ab0585613b605b99119
aarch64	dovecot-mysql-2.3.16-15.el9_7.1.aarch64.rpm	334f4311136e8c3e923374473916536fd74c3a576c2a55d19c8eeaa40a2752df
aarch64	dovecot-devel-2.3.16-15.el9_7.1.aarch64.rpm	53ce666f1a734bcfdf1cd6e364ac4b2084f616e8db992e6a5c8f1552288be538
aarch64	dovecot-pgsql-2.3.16-15.el9_7.1.aarch64.rpm	cb73e00f5a7030871d59b1c76712df6fe81965f92e692afc16fcc4c149a4f743
aarch64	dovecot-2.3.16-15.el9_7.1.aarch64.rpm	f2475c310f88191c21320a68c0d966328aa60a463c010641fc781b020349bb77
i686	dovecot-devel-2.3.16-15.el9_7.1.i686.rpm	4ca0074f32992db1e8c8762ebfab4c3381c9d27949f613d8baaeccc50d807e83
i686	dovecot-2.3.16-15.el9_7.1.i686.rpm	db4f6927165f93c7fbfd3470cd23f9018a836c0deeb8308d871771533d8f51f8
ppc64le	dovecot-pgsql-2.3.16-15.el9_7.1.ppc64le.rpm	3faf2a4526d1ae438b4f7912e6e57a8aaf88e71015bddc084596997a961b1e8b
ppc64le	dovecot-pigeonhole-2.3.16-15.el9_7.1.ppc64le.rpm	895bf7b2610b847bd4eec222bf25114ddb2693921a91969f362a07fa8dad2196
ppc64le	dovecot-devel-2.3.16-15.el9_7.1.ppc64le.rpm	bc9c5afec71dd06d7d79c2de9da479fd1bea43202ba6fbf8ea459eac5000423a
ppc64le	dovecot-2.3.16-15.el9_7.1.ppc64le.rpm	dd4f1193a87f70ad72152adde0ff0e0fc03835c8dc157d7487294b97de28c71f
ppc64le	dovecot-mysql-2.3.16-15.el9_7.1.ppc64le.rpm	ee47637261ef5cedd2fea556f3f270cf2725d4cbf9b9588e05bba48788fd9a06
s390x	dovecot-mysql-2.3.16-15.el9_7.1.s390x.rpm	0863baf3d1cc637c353288d22daf9ccdfd1eadbced2905724ed13a37a1bd10cf
s390x	dovecot-devel-2.3.16-15.el9_7.1.s390x.rpm	0c764e54404277b8bd7b54d29f54a7923b3e6ba9189f8322354155d97fd07930
s390x	dovecot-pigeonhole-2.3.16-15.el9_7.1.s390x.rpm	406fbee776ab23965ce831e1fff212f3e9a7a149971ad2c7a894cc23a706a89c
s390x	dovecot-pgsql-2.3.16-15.el9_7.1.s390x.rpm	69d39e94364c32ba73f35828d854e2a0107038310c8d92d85f37a20af558f670
s390x	dovecot-2.3.16-15.el9_7.1.s390x.rpm	9b1057f5efb070231effca12deacb66da76930057a47d9d23b8f58a3c0974431
x86_64	dovecot-2.3.16-15.el9_7.1.x86_64.rpm	0dac577d4ab44f86349831428a08413b87a4f6c6ece05279985bac1cde58f75b
x86_64	dovecot-pigeonhole-2.3.16-15.el9_7.1.x86_64.rpm	2a8b78de95968e78eab74aa0891e31814c6c1c32c3ba71cac55379f9b60f984a
x86_64	dovecot-mysql-2.3.16-15.el9_7.1.x86_64.rpm	80130978a6080a30cb2961b883d515b582b841455129ae3bd0a48a060ad787e5
x86_64	dovecot-devel-2.3.16-15.el9_7.1.x86_64.rpm	ad39763b6681a892141a7a7a74b259afa69e02641963ce1508c7e87268bf296a
x86_64	dovecot-pgsql-2.3.16-15.el9_7.1.x86_64.rpm	c5efeee63e4e46a6989bdacda735a1c4ec93dc7e79fa6c0d2f2a3dd3d5983236

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.