RLSA-2026:13498

Synopsis

Important: dovecot security update

Description

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

Security Fix(es):

* dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (CVE-2025-59032)

* dovecot: denial of service via crafted message before authentication (CVE-2026-27858)

* dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 10 aarch64

Fixes

2452175 2452179 2452172

CVEs

CVE-2025-59032 CVE-2026-27857 CVE-2026-27858

Affected packages

Rocky Linux 10 aarch64 - CRB

dovecot-devel-1:2.3.21-16.el10_1.1.aarch64.rpm

Rocky Linux 10 aarch64 - AppStream

dovecot-pgsql-1:2.3.21-16.el10_1.1.aarch64.rpm dovecot-mysql-debuginfo-1:2.3.21-16.el10_1.1.aarch64.rpm dovecot-1:2.3.21-16.el10_1.1.aarch64.rpm dovecot-1:2.3.21-16.el10_1.1.src.rpm dovecot-pigeonhole-1:2.3.21-16.el10_1.1.aarch64.rpm dovecot-pigeonhole-debuginfo-1:2.3.21-16.el10_1.1.aarch64.rpm dovecot-pgsql-debuginfo-1:2.3.21-16.el10_1.1.aarch64.rpm dovecot-mysql-1:2.3.21-16.el10_1.1.aarch64.rpm dovecot-debugsource-1:2.3.21-16.el10_1.1.aarch64.rpm dovecot-debuginfo-1:2.3.21-16.el10_1.1.aarch64.rpm

Rocky Linux 10 ppc64le - AppStream

dovecot-1:2.3.21-16.el10_1.1.src.rpm

Rocky Linux 10 s390x - AppStream

dovecot-1:2.3.21-16.el10_1.1.src.rpm

Rocky Linux 10 x86_64 - AppStream

dovecot-1:2.3.21-16.el10_1.1.src.rpm