RHSA-2026:17630 - Security Advisory

Issued: 2026-05-14
Updated: 2026-05-14

Synopsis

Important: dovecot security update

Type/Severity

Security Advisory: Important

Topic

An update for dovecot is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

Security Fix(es):

- dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (CVE-2025-59032)
- dovecot: denial of service via crafted message before authentication (CVE-2026-27858)
- dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

- BZ - 2452172 - CVE-2025-59032 dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command
- BZ - 2452175 - CVE-2026-27858 dovecot: denial of service via crafted message before authentication
- BZ - 2452179 - CVE-2026-27857 dovecot: denial of service via specially crafted NOOP command

CVEs

- CVE-2025-59032
- CVE-2026-27857
- CVE-2026-27858

References

- https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

This security update addresses three denial-of-service vulnerabilities in Dovecot, triggered by crafted SASL responses (CVE-2025-59032), pre-authentication messages (CVE-2026-27858), and specially crafted NOOP commands (CVE-2026-27857). The vulnerabilities affect Dovecot versions prior to 2.4.3, with CVSS scores of 7.5 (High) for two issues and 4.3 (Medium) for the third. The fix is included in the updated packages provided by Red Hat, specifically dovecot-2.3.16-3.el9_0.1 for RHEL 9.0 Update Services for SAP Solutions.