Red Hat Product Errata RHSA-2026:13857 - Security Advisory Issued: 2026-05-05 Updated: 2026-05-05 RHSA-2026:13857 - Security Advisory Overview Updated Packages Synopsis Important: dovecot security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for dovecot is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es): dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (CVE-2025-59032) dovecot: denial of service via crafted message before authentication (CVE-2026-27858) dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for x86_64 9 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x Fixes BZ - 2452172 - CVE-2025-59032 dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command BZ - 2452175 - CVE-2026-27858 dovecot: denial of service via crafted message before authentication BZ - 2452179 - CVE-2026-27857 dovecot: denial of service via specially crafted NOOP command CVEs CVE-2025-59032 CVE-2026-27857 CVE-2026-27858 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM dovecot-2.3.16-15.el9_7.1.src.rpm SHA-256: 8ddb24f8f00b875e31fadf5259ece8541b24b6ed306a8a83d2334255b5e4041a x86_64 dovecot-2.3.16-15.el9_7.1.x86_64.rpm SHA-256: 02c416e67f1faa9bec676066864c1c14f26b1b293e3aa4c65c033d20f711c3bb dovecot-debuginfo-2.3.16-15.el9_7.1.x86_64.rpm SHA-256: a73ddbba503afa891eefaaca29e2351bb503eaec12b98084f8aee873068c009c dovecot-debugsource-2.3.16-15.el9_7.1.x86_64.rpm SHA-256: 99802f61e5cfd11a01922bf30fa2a1cd20d0494b61001fbb368a6cb7109faafb dovecot-mysql-2.3.16-15.el9_7.1.x86_64.rpm SHA-256: ab8ebb2ab83f46f9fab3ab239ead4458eb03c672398a05c36118f369d866709d dovecot-mysql-debuginfo-2.3.16-15.el9_7.1.x86_64.rpm SHA-256: fb86a214bb9c300bc858bf3bd4f623bf5d11d70e8063189acfdf0f5466ac2caa dovecot-pgsql-2.3.16-15.el9_7.1.x86_64.rpm SHA-256: f9e3632ec95efb3cef38d86032128aab9f493346e121e2162f715ab1e01480e6 dovecot-pgsql-debuginfo-2.3.16-15.el9_7.1.x86_64.rpm SHA-256: d8c092b6464a9074f02e2e23a07921a802fc058496e6153bd0ac917f74f332a0 dovecot-pigeonhole-2.3.16-15.el9_7.1.x86_64.rpm SHA-256: 452267cc8564e1471a184f69e22ef21c611d60134d9689aa273062b5735b3661 dovecot-pigeonhole-debuginfo-2.3.16-15.el9_7.1.x86_64.rpm SHA-256: 09f3b8bc1257db138b012381deb92a005f9f61e206213c6516651c9a8d06a2aa Red Hat Enterprise Linux for IBM z Systems 9 SRPM dovecot-2.3.16-15.el9_7.1.src.rpm SHA-256: 8ddb24f8f00b875e31fadf5259ece8541b24b6ed306a8a83d2334255b5e4041a s390x dovecot-2.3.16-15.el9_7.1.s390x.rpm SHA-256: b8846155540ad31a0f73a7388a62bf11b62d65c4ef2fc785da4513669add46bc dovecot-debuginfo-2.3.16-15.el9_7.1.s390x.rpm SHA-256: 51a30a5101e6132c871d7cf2233f2aa4a0c4ff7f8a57715e4edc9567c7a01585 dovecot-debugsource-2.3.16-15.el9_7.1.s390x.rpm SHA-256: 4231d7416fc829734d12aa23c5b5a729f69f64766589c78135f1f5d179021f9f dovecot-mysql-2.3.16-15.el9_7.1.s390x.rpm SHA-256: c47537a60c8d36cd901bbc541336e67be041d2ca555a8dedc842bd67c0c220b0 dovecot-mysql-debuginfo-2.3.16-15.el9_7.1.s390x.rpm SHA-256: 31aea92494e79b4d31f54fa8d2accfc87b1ae9520961b8b073991b31fb5ce905 dovecot-pgsql-2.3.16-15.el9_7.1.s390x.rpm SHA-256: 682f9779c6cea825bb952df3153fb6e856a743eca2ed54cd3b5a2d24cd15f339 dovecot-pgsql-debuginfo-2.3.16-15.el9_7.1.s390x.rpm SHA-256: 368208bf64b512c531a0ed28f4c50e65809c35565306cf3cd4ad152a45afc371 dovecot-pigeonhole-2.3.16-15.el9_7.1.s390x.rpm SHA-256: c795c343ae76f681ffa248ebd9eb096c1a29f8c83cdb4fc2cc8fdf4909c65ce5 dovecot-pigeonhole-debuginfo-2.3.16-15.el9_7.1.s390x.rpm SHA-256: ebb222bd90cf3ee94a09d890bf5bd8feab17f03d6b302a37a4421f4eb021cbce Red Hat Enterprise Linux for Power, little endian 9 SRPM dovecot-2.3.16-15.el9_7.1.src.rpm SHA-256: 8ddb24f8f00b875e31fadf5259ece8541b24b6ed306a8a83d2334255b5e4041a ppc64le dovecot-2.3.16-15.el9_7.1.ppc64le.rpm SHA-256: 4ddb8ca8cb07e4a5b56b4bccb1d213832a6d68024d38efb28783f4fa2f8bcb5e dovecot-debuginfo-2.3.16-15.el9_7.1.ppc64le.rpm SHA-256: 83190debef04d730100a05da657b405b4c739065711defc421cf11460f0bf3a3 dovecot-debugsource-2.3.16-15.el9_7.1.ppc64le.rpm SHA-256: baf45038f746f8b1f5710aa08f24686b679071ddbcd528f527bacb379697ff68 dovecot-mysql-2.3.16-15.el9_7.1.ppc64le.rpm SHA-256: d6d730003fe671a066dfa216fec7e9faebd5bc5191e396285105213a100d781c dovecot-mysql-debuginfo-2.3.16-15.el9_7.1.ppc64le.rpm SHA-256: 1705773a27ba0b6062a0188260a4cb81b8fc17f292c484750b17fa5ba456a07c dovecot-pgsql-2.3.16-15.el9_7.1.ppc64le.rpm SHA-256: a56c04acd7b47c8fb62fc25ddaffcaac614a709fb721d5f3f27ca91aaec1e5ad dovecot-pgsql-debuginfo-2.3.16-15.el9_7.1.ppc64le.rpm SHA-256: eb5167682ec43879e701713d2d0c0f783e8469efacfdb8bbbf9772b81f9c59d3 dovecot-pigeonhole-2.3.16-15.el9_7.1.ppc64le.rpm SHA-256: 6d8f6bac7f6e54aaf5a92a5897649fbed3fccba249305a0e78f0fd85f1f23af5 dovecot-pigeonhole-debuginfo-2.3.16-15.el9_7.1.ppc64le.rpm SHA-256: 1e87ea3cb6fba66805991ed40df8b2b43f492c05a0ceafaad09a64e0d3601928 Red Hat Enterprise Linux for ARM 64 9 SRPM dovecot-2.3.16-15.el9_7.1.src.rpm SHA-256: 8ddb24f8f00b875e31fadf5259ece8541b24b6ed306a8a83d2334255b5e4041a aarch64 dovecot-2.3.16-15.el9_7.1.aarch64.rpm SHA-256: 3ef226a0d30196e5d20613900af0cf4da863960b29d36cbf057a10e3bee9498d dovecot-debuginfo-2.3.16-15.el9_7.1.aarch64.rpm SHA-256: 1e6d3370272c5132820652fb2a9f2dbf09581cfeb5609b92963e42a5dd01a1b5 dovecot-debugsource-2.3.16-15.el9_7.1.aarch64.rpm SHA-256: 1bab5485535e89e4d2d344330b833865bc18fd7fb5ad1227f934a792bd357d43 dovecot-mysql-2.3.16-15.el9_7.1.aarch64.rpm SHA-256: 65a5d2e12dc5c0357af6ff45df8812061c789ea81265b794288f78f6de64cffd dovecot-mysql-debuginfo-2.3.16-15.el9_7.1.aarch64.rpm SHA-256: de4df93b3917216b7b7e690720f72e7fab91638af8227f9473b6bf54b1d1c504 dovecot-pgsql-2.3.16-15.el9_7.1.aarch64.rpm SHA-256: 606ed3af2799bb3f99d6ea82db3e92e41348e733d5bf82b92e0acffd4942b1c7 dovecot-pgsql-debuginfo-2.3.16-15.el9_7.1.aarch64.rpm SHA-256: 1cb5dbb538122c71cdaf2d16b186c852d99d9e25ee7375d89ad735c673031e56 dovecot-pigeonhole-2.3.16-15.el9_7.1.aarch64.rpm SHA-256: 2325ac71722df79500f8547439d6ffc65836911ee0e03d67cd16ad96483c4783 dovecot-pigeonhole-debuginfo-2.3.16-15.el9_7.1.aarch64.rpm SHA-256: a0752af761b6299534cd830d8cf3306f2af85eb8be00017d4ef6e87a7437ac7c Red Hat CodeReady Linux Builder for x86_64 9 SRPM x86_64 dovecot-2.3.16-15.el9_7.1.i686.rpm SHA-256: 151bf0088ee434b8cc1c1a3e8b15eeac1b3fa877bdf876bd733c49bb9bd7c58a dovecot-debuginfo-2.3.16-15.el9_7.1.i686.rpm SHA-256: 7bfc2bbf897e27f4921ff389de4474aca0d70514ce4bcba9c0c380d3b096dd3b dovecot-debuginfo-2.3.16-15.el9_7.1.x86_64.rpm SHA-256: a73ddbba503afa891eefaaca29e2351bb503eaec12b98084f8aee873068c009c dovecot-debugsource-2.3.16-15.el9_7.1.i686.rpm SHA-256: 4016ffaf2493bbfc7feea4eacc258eb82a6b24f0e7b8ae5d11e7268c07e12d92 dovecot-debugsource-2.3.16-15.el9_7.1.x86_64.rpm SHA-256: 99802f61e5cfd11a01922bf30fa2a1cd20d0494b61001fbb368a6cb7109faafb dovecot-devel-2.3.16-15.el9_7.1.i686.rpm SHA-256: 71620a6a7e51468c8fe8a5ca0f4059746f0c71548e1f2a70fde49bd5139e8657 dovecot-devel-2.3.16-15.el9_7.1.x86_64.rpm SHA-256: b8eae0983cff8fb3d2dc2297bf77ce6f0152b195f2372ad17463d27245c063eb dovecot-mysql-debuginfo-2.3.16-15.el9_7.1.i686.rpm SHA-256: d0cfa3c6495327409c31f8aedc69425370d425073562c9f7e942d19d0e3db65c dovecot-mysql-debuginfo-2.3.16-15.el9_7.1.x86_64.rpm SHA-256: fb86a214bb9c300bc858bf3bd4f623bf5d11d70e8063189acfdf0f5466ac2caa dovecot-pgsql-debuginfo-2.3.16-15.el9_7.1.i686.rpm SHA-256: 466ac166c113a1e17cfaeac419c421ab7458db2876ff453226194d07fde5d0fc dovecot-pgsql-debuginfo-2.3.16-15.el9_7.1.x86_64.rpm SHA-256: d8c092b6464a9074f02e2e23a07921a802fc058496e6153bd0ac917f74f332a0 dovecot-pigeonhole-debuginfo-2.3.16-15.el9_7.1.i686.rpm SHA-256: 9e784e36f397145ed014ad46f7f61a083b159d5733092c4de6f83a14df197288 dovecot-pigeonhole-debuginfo-2.3.16-15.el9_7.1.x86_64.rpm SHA-256: 09f3b8bc1257db138b012381deb92a005f9f61e206213c6516651c9a8d06a2aa Red Hat CodeReady Linux Builder for Power, little endian 9 SRPM ppc64le dovecot-debuginfo-2.3.16-15.el9_7.1.ppc64le.rpm SHA-256: 83190debef04d730100a05da657b405b4c739065711defc421cf11460f0bf3a3 dovecot-debugsource-2.3.16-15.el9_7.1.ppc64le.rpm SHA-256: baf45038f746f8b1f5710aa08f24686b679071ddbcd528f527bacb379697ff68 dovecot-devel-2.3.16-15.el9_7.1.ppc64le.rpm SHA-256: 3d0a25d70441c07f3a30bcfa6ef00a20922d2c9eceb4b69b50711c6a8a3faac8 dovecot-mysql-debuginfo-2.3.16-15.el9_7.1.ppc64le.rpm SHA-256: 1705773a27ba0b6062a0188260a4cb81b8fc17f292c484750b17fa5ba456a07c dovecot-pgsql-debuginfo-2.3.16-15.el9_7.1.ppc64le.rpm SHA-256: eb5167682ec43879e701713d2d0c0