Red Hat Product Errata
RHSA-2026:17602 - Security Advisory

Issued: 2026-05-14
Updated: 2026-05-14

Synopsis
Important: dovecot security update

Type/Severity
Security Advisory: Important

Topic
An update for dovecot is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

Security Fix(es):
- dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (CVE-2025-59032)
- dovecot: denial of service via crafted message before authentication (CVE-2026-27858)
- dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
- Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes
- BZ - 2452172 - CVE-2025-59032 dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command
- BZ - 2452175 - CVE-2026-27858 dovecot: denial of service via crafted message before authentication
- BZ - 2452179 - CVE-2026-27857 dovecot: denial of service via specially crafted NOOP command

CVEs
- CVE-2025-59032
- CVE-2026-27857
- CVE-2026-27858

References
- https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Updated Packages
Source package: dovecot-2.3.21-16.el10_0.1.src.rpm

Binary packages at version 2.3.21-16.el10_0.1 (x86_64, s390x, ppc64le, aarch64): dovecot, dovecot-mysql, dovecot-pgsql, dovecot-pigeonhole, with the matching debuginfo and debugsource packages. The CodeReady Linux Builder repositories additionally list dovecot-devel.

This security update addresses three denial-of-service vulnerabilities in Dovecot: one via a crafted SASL initial response in the ManageSieve AUTHENTICATE command (CVE-2025-59032), one via a crafted message before authentication (CVE-2026-27858), and one via a specially crafted NOOP command (CVE-2026-27857). The CVSS scores are 7.5 (High) for CVE-2025-59032 and CVE-2026-27858, and 4.3 (Medium) for CVE-2026-27857. Affected versions include Dovecot versions prior to 2.4.3, and Open-Xchange Dovecot versions prior to 2.3.22.1, 3.0.5, and 3.1.4, with fixes available in those respective versions.