Red Hat Product Errata RHSA-2026:13830 - Security Advisory Issued: 2026-05-05 Updated: 2026-05-05 RHSA-2026:13830 - Security Advisory Overview Updated Packages Synopsis Important: dovecot security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for dovecot is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es): dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (CVE-2025-59032) dovecot: denial of service via crafted message before authentication (CVE-2026-27858) dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat CodeReady Linux Builder for x86_64 8 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le Red Hat CodeReady Linux Builder for ARM 64 8 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2452172 - CVE-2025-59032 dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command BZ - 2452175 - CVE-2026-27858 dovecot: denial of service via crafted message before authentication BZ - 2452179 - CVE-2026-27857 dovecot: denial of service via specially crafted NOOP command CVEs CVE-2025-59032 CVE-2026-27857 CVE-2026-27858 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM dovecot-2.3.16-7.el8_10.src.rpm SHA-256: 237fd5fcd9922d58eb65c876591c6384cbc143feb3f683bfb9e7da649c38bf54 x86_64 dovecot-2.3.16-7.el8_10.x86_64.rpm SHA-256: ee74eb2b13b074b5f7c67aae16dabbf479c5dd3c737fa14fdd51987444d8359d dovecot-debuginfo-2.3.16-7.el8_10.x86_64.rpm SHA-256: 4ea0af2010c2aa6d0659d2caca773e23a001c65cf25937837b7fdd7c64a12614 dovecot-debugsource-2.3.16-7.el8_10.x86_64.rpm SHA-256: 308bfb5b19d1fcb34cf68b61d6c452e6b1d4f999c49e4946f7368a20ddaa26b3 dovecot-mysql-2.3.16-7.el8_10.x86_64.rpm SHA-256: a78ab203bb73e64ed0efa3cc76cceae173953c21d31e9267ddffe69abb714c4d dovecot-mysql-debuginfo-2.3.16-7.el8_10.x86_64.rpm SHA-256: e5253b887b114b2dfbc72cc8abf2974e22c148e6861a3406ee172ef0242add52 dovecot-pgsql-2.3.16-7.el8_10.x86_64.rpm SHA-256: c5562ac9a3ce8a503d2dbfa9cdcb435662c904b7535aab4fa08b98c3087bba96 dovecot-pgsql-debuginfo-2.3.16-7.el8_10.x86_64.rpm SHA-256: e8b1c9f60e6a21d024835037e8ff0970a8843fe2e12535b02361d682e0ddc61d dovecot-pigeonhole-2.3.16-7.el8_10.x86_64.rpm SHA-256: 31ca3172a6166f3909c59dd62b86795f00865173e636ad6917e91d1ec2b937c9 dovecot-pigeonhole-debuginfo-2.3.16-7.el8_10.x86_64.rpm SHA-256: b247a4dae03bbc7cdf88d83181c77e1f1277fd99075b505a7331fa2cde7a1ddf Red Hat Enterprise Linux for IBM z Systems 8 SRPM dovecot-2.3.16-7.el8_10.src.rpm SHA-256: 237fd5fcd9922d58eb65c876591c6384cbc143feb3f683bfb9e7da649c38bf54 s390x dovecot-2.3.16-7.el8_10.s390x.rpm SHA-256: 5ec48146f8e0d19fc4b710f9ab1a8b74b3f578de770b328ef54bbcd678db121c dovecot-debuginfo-2.3.16-7.el8_10.s390x.rpm SHA-256: 49be1bd270de529a12fda865da9d53abeb042424badab66822076519c87a1d29 dovecot-debugsource-2.3.16-7.el8_10.s390x.rpm SHA-256: da0987490e80d87e9a5e9676d2ad4b97eb168504992a5d3f7de08532f7b23989 dovecot-mysql-2.3.16-7.el8_10.s390x.rpm SHA-256: bffdb5746b0ff2503a9b8775e3b9442d86efb6fccf299a2391e1f1d5e28bfab6 dovecot-mysql-debuginfo-2.3.16-7.el8_10.s390x.rpm SHA-256: 6143cc5956f843c6cd41915793fa531e09560ba2bd648c94fa8e271d2ccb6773 dovecot-pgsql-2.3.16-7.el8_10.s390x.rpm SHA-256: 888d8f98feefbba2fe899ef73ae15480c84d456956efa80b909df8e3c60a8a3f dovecot-pgsql-debuginfo-2.3.16-7.el8_10.s390x.rpm SHA-256: 3cb2d70b473d905479279a6d2915cdc5bb95c603820a217c703e8fdce8bd32d0 dovecot-pigeonhole-2.3.16-7.el8_10.s390x.rpm SHA-256: 2eaeff6fa5d78b93a459a035679182cc7dc93f217be05602ce1a0b2b55ee16cd dovecot-pigeonhole-debuginfo-2.3.16-7.el8_10.s390x.rpm SHA-256: ee39427ad80c8cd686c54157fec5339baaa61a9a320e92cb8ba8e685bbd99933 Red Hat Enterprise Linux for Power, little endian 8 SRPM dovecot-2.3.16-7.el8_10.src.rpm SHA-256: 237fd5fcd9922d58eb65c876591c6384cbc143feb3f683bfb9e7da649c38bf54 ppc64le dovecot-2.3.16-7.el8_10.ppc64le.rpm SHA-256: 6aab4480e5d7a37224a5c0d9a00958e7b6c88e3e647a948a2247cfee6d5b18b8 dovecot-debuginfo-2.3.16-7.el8_10.ppc64le.rpm SHA-256: f13c545ebc47aab4b332b2d2bd24a14a852c0bfadadf766a6be3e1d2f84c9c7a dovecot-debugsource-2.3.16-7.el8_10.ppc64le.rpm SHA-256: 6c71832d7d2b24b3c79ae3895958fcd9257b3629570ebcb00246c50ba3e2e06e dovecot-mysql-2.3.16-7.el8_10.ppc64le.rpm SHA-256: 59c9aff047f4ae68cdcc2c57c6cc2af0bd6073911ce267f9bb9287e5ea13e2dc dovecot-mysql-debuginfo-2.3.16-7.el8_10.ppc64le.rpm SHA-256: b88d4f1014af4895a8d5febdb4ee22be77db8f2f12d4a0ab8e86a3f685e55dc6 dovecot-pgsql-2.3.16-7.el8_10.ppc64le.rpm SHA-256: 5b9dec8a4409ee0b41781c2bf4a9b98773edb47ac44054c04544fef538c1dd12 dovecot-pgsql-debuginfo-2.3.16-7.el8_10.ppc64le.rpm SHA-256: 8f754b4fb3b17e6fd48dc856f231dc4fe84a441ef3ee871691bd8e5682784262 dovecot-pigeonhole-2.3.16-7.el8_10.ppc64le.rpm SHA-256: b59efa1acad1d48956d48c2347b7790e265d32476d20cbf2e332b0d8813c0567 dovecot-pigeonhole-debuginfo-2.3.16-7.el8_10.ppc64le.rpm SHA-256: 770d65f0082ca4f2d1dbbef4425643875d59f7638735f6fe9ad286b394f4d64f Red Hat Enterprise Linux for ARM 64 8 SRPM dovecot-2.3.16-7.el8_10.src.rpm SHA-256: 237fd5fcd9922d58eb65c876591c6384cbc143feb3f683bfb9e7da649c38bf54 aarch64 dovecot-2.3.16-7.el8_10.aarch64.rpm SHA-256: af8e8d54a6e78876e9aa31b732ca7b8c2c25a1a5f6dc2544d183159741c34aff dovecot-debuginfo-2.3.16-7.el8_10.aarch64.rpm SHA-256: 57eabfea9a3985adc56c14eb45a8dfcf1271c296365b66328d36705a72ac6e39 dovecot-debugsource-2.3.16-7.el8_10.aarch64.rpm SHA-256: bc00ffe84de35de036acc1e692c4a7c9d43495e33897c2f7c14a467db4795eab dovecot-mysql-2.3.16-7.el8_10.aarch64.rpm SHA-256: 53c19c38ab72c153008ed0b971fa61108865a0acf8a5dc0258eabe28f04f9497 dovecot-mysql-debuginfo-2.3.16-7.el8_10.aarch64.rpm SHA-256: 95faf87dd4afb125b940b9b3652619f176410c6645e5e5458910c6de1fa5917b dovecot-pgsql-2.3.16-7.el8_10.aarch64.rpm SHA-256: 3c233d820b4493ba22720efbd0d24ff00e4fa1b234215205b961c44cdce6df0d dovecot-pgsql-debuginfo-2.3.16-7.el8_10.aarch64.rpm SHA-256: 44fb2dd6d7cfb367598db0296362c1545db932d282027454dda63d4f8fb8d212 dovecot-pigeonhole-2.3.16-7.el8_10.aarch64.rpm SHA-256: e179499088585b49ca448f66ad4b24af74e1db790d9f0f0737ac7b9a698beeeb dovecot-pigeonhole-debuginfo-2.3.16-7.el8_10.aarch64.rpm SHA-256: 18310cbf08f26d624c09f2cc16521958092d8fed634293725ad27adaede029fc Red Hat CodeReady Linux Builder for x86_64 8 SRPM x86_64 dovecot-2.3.16-7.el8_10.i686.rpm SHA-256: d105d5176dd68370c4b826c2d100e18576ffeede5bb7152454fb818ca30d3f06 dovecot-debuginfo-2.3.16-7.el8_10.i686.rpm SHA-256: 0c19beac536c681d0a897e7edd7cb063d520c4e835a26aab66734229fc6b81e7 dovecot-debuginfo-2.3.16-7.el8_10.x86_64.rpm SHA-256: 4ea0af2010c2aa6d0659d2caca773e23a001c65cf25937837b7fdd7c64a12614 dovecot-debugsource-2.3.16-7.el8_10.i686.rpm SHA-256: d3ad568cc0d7eeee79df9e109711904875f9cde074b8a0c0ed11abeb1c719590 dovecot-debugsource-2.3.16-7.el8_10.x86_64.rpm SHA-256: 308bfb5b19d1fcb34cf68b61d6c452e6b1d4f999c49e4946f7368a20ddaa26b3 dovecot-devel-2.3.16-7.el8_10.i686.rpm SHA-256: d7cbb39e9ee56c37f85738f8a9f53f86316d498879968d29c1e094fe19d7e1e6 dovecot-devel-2.3.16-7.el8_10.x86_64.rpm SHA-256: b22d7b231d8fbbd199e5e5b3f3ca412fa520f24b467b471cccf868adae8aa9e2 dovecot-mysql-debuginfo-2.3.16-7.el8_10.i686.rpm SHA-256: 190eb3bd9472e5ae39c3dc00100c33b7eb4e48c508b5720484e28898415a79b8 dovecot-mysql-debuginfo-2.3.16-7.el8_10.x86_64.rpm SHA-256: e5253b887b114b2dfbc72cc8abf2974e22c148e6861a3406ee172ef0242add52 dovecot-pgsql-debuginfo-2.3.16-7.el8_10.i686.rpm SHA-256: de50fb8ca8c38bcd11f1e65edb0ba13ce706ccee48be395c0192d7ca4df6a943 dovecot-pgsql-debuginfo-2.3.16-7.el8_10.x86_64.rpm SHA-256: e8b1c9f60e6a21d024835037e8ff0970a8843fe2e12535b02361d682e0ddc61d dovecot-pigeonhole-debuginfo-2.3.16-7.el8_10.i686.rpm SHA-256: 3eb722280e576573f81cd475c6bcdc6dcf0f453aa6c15af71e15ce7b46a000cd dovecot-pigeonhole-debuginfo-2.3.16-7.el8_10.x86_64.rpm SHA-256: b247a4dae03bbc7cdf88d83181c77e1f1277fd99075b505a7331fa2cde7a1ddf Red Hat CodeReady Linux Builder for Power, little endian 8 SRPM ppc64le dovecot-debuginfo-2.3.16-7.el8_10.ppc64le.rpm SHA-256: f13c545ebc47aab4b332b2d2bd24a14a852c0bfadadf766a6be3e1d2f84c9c7a dovecot-debugsource-2.3.16-7.el8_10.ppc64le.rpm SHA-256: 6c71832d7d2b24b3c79ae3895958fcd9257b3629570ebcb00246c50ba3e2e06e dovecot-devel-2.3.16-7.el8_10.ppc64le.rpm SHA-256: 0dc50bbb24f32e8405c5b21729c350df05695adc31a7fa7398cca7d6e2ef5b2e dovecot-mysql-debuginfo-2.3.16