ALSA-2026:19364

[ALSA-2026:19364] Important: dovecot security update

Type:

security

Severity:

important

Release date:

2026-05-26

Description:

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.   

Security Fix(es):  

  * dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (CVE-2025-59032)
  * dovecot: denial of service via crafted message before authentication (CVE-2026-27858)
  * dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	dovecot-pigeonhole-2.3.16-18.el9_8.aarch64.rpm	04806794ac1fa06273342bd9cb41516e5b1cc73cf47cd6fb1b5016b8fc491e6f
aarch64	dovecot-pgsql-2.3.16-18.el9_8.aarch64.rpm	324b27806a1963d163296a069244e0720840a74ff37628eeeac1b6d580b3fcbf
aarch64	dovecot-mysql-2.3.16-18.el9_8.aarch64.rpm	5ab00dc2f15cffcbbb30a631fc4bca2d5ffb915369604a8c94eaf5d29d874160
aarch64	dovecot-2.3.16-18.el9_8.aarch64.rpm	861a8aebb859c2f1d5ffc9403db10ef0e46143c4ba507c20a4f958f6518bb830
aarch64	dovecot-devel-2.3.16-18.el9_8.aarch64.rpm	b48cbaaf45adcf11efbed7e978565c95ac92bc81e08166ab06e1a22c732e7fcd
i686	dovecot-devel-2.3.16-18.el9_8.i686.rpm	d8c51aef6d29c4f50b7d7c4368fd82d1a37144b8aecfa7eaf408aa581d87bb38
i686	dovecot-2.3.16-18.el9_8.i686.rpm	eddfad6e0e60cc0516e6c0124400c29f4483da9adca853516854933ed9c106b2
ppc64le	dovecot-mysql-2.3.16-18.el9_8.ppc64le.rpm	26065f9e90cba1ab0220435a45b6029953ee7fcb26a50632d5042ce96c3a071b
ppc64le	dovecot-2.3.16-18.el9_8.ppc64le.rpm	a180fa76d3a129115dfd35de5815848ac34cb50bf00c8555df9fe65f4d19d8fa
ppc64le	dovecot-pigeonhole-2.3.16-18.el9_8.ppc64le.rpm	a371cc37b608fd356fb55ecc1a3ee1edfbd0852bcfa4b0878ef406bb858ec703
ppc64le	dovecot-devel-2.3.16-18.el9_8.ppc64le.rpm	c4b0f3953524d0970243283e99ca2f70ad14b1783a2e98968ae99bc4a4fef3a6
ppc64le	dovecot-pgsql-2.3.16-18.el9_8.ppc64le.rpm	f40846906928634608dbedb2adef25a36ff889e1fcbfd2a717726fd7b5f67d7c
s390x	dovecot-pgsql-2.3.16-18.el9_8.s390x.rpm	0790e34e5c3bd3ad55f0eef8d15e2dcc33c51e728a9e0190f95d8e9e17b1e66e
s390x	dovecot-pigeonhole-2.3.16-18.el9_8.s390x.rpm	4ccc33a071732f433f028d056294c3c29e1f68cedeedf45cd32103367760ebd6
s390x	dovecot-mysql-2.3.16-18.el9_8.s390x.rpm	4e751602bb0effce328e06b4ca9f108b83df50fcaf7969707838fea42b7264f3
s390x	dovecot-devel-2.3.16-18.el9_8.s390x.rpm	5fc4ca48cb13320837014b8a7e09f9f28260f6df078b1786854424285fd6c89a
s390x	dovecot-2.3.16-18.el9_8.s390x.rpm	8418bafb4a4409815446cf0f140414af6b07bdd213e18220de854f1108b5131c
x86_64	dovecot-devel-2.3.16-18.el9_8.x86_64.rpm	07c05a77a9e3ec220cf9114253d341662dbb078999fcca3b6245f4a3b9352ab0
x86_64	dovecot-pgsql-2.3.16-18.el9_8.x86_64.rpm	2ef404db74290631998e86928c5f3a8d3f76a474e826a0f3eea626d44c923dad
x86_64	dovecot-2.3.16-18.el9_8.x86_64.rpm	6d9c706cd1c9b905fd152a8e321d469959d53be87c39061d25bee34a1d1894dd
x86_64	dovecot-pigeonhole-2.3.16-18.el9_8.x86_64.rpm	7bc2ce6ce6a2725f405d28a9fa267dd26bc9ade204028ea5126cd4cd0eb88106
x86_64	dovecot-mysql-2.3.16-18.el9_8.x86_64.rpm	b4a491ec72800585be9a2a269cc00f54fc0c9e8c0855619f15cdc3a7f0e6d4b4

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.