Red Hat Product Errata RHSA-2026:18053 - Security Advisory Issued: 2026-05-18 Updated: 2026-05-18 RHSA-2026:18053 - Security Advisory Overview Updated Packages Synopsis Important: dovecot security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for dovecot is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es): dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (CVE-2025-59032) dovecot: denial of service via crafted message before authentication (CVE-2026-27858) dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64 Red Hat Enterprise Linux Server - TUS 8.8 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64 Fixes BZ - 2452172 - CVE-2025-59032 dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command BZ - 2452175 - CVE-2026-27858 dovecot: denial of service via crafted message before authentication BZ - 2452179 - CVE-2026-27857 dovecot: denial of service via specially crafted NOOP command CVEs CVE-2025-59032 CVE-2026-27857 CVE-2026-27858 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 SRPM dovecot-2.3.16-3.el8_8.1.src.rpm SHA-256: d89c07e8bb4d331ac8d7e013a301512b22bd7191f1b86e2b26e9e1df6fd1ee42 x86_64 dovecot-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: c4cc9791ea1da881a48e5251e8f5963f12ebe2816dbc63d3ced737f616127058 dovecot-debuginfo-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: 5fbb838c54c55f02d5b8e4647df1881dd61e5c8de3ed67454aa1534e2cde447c dovecot-debugsource-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: db5505e10e73159138ae77d583ed6c13d24698c3be52efc2c2cbfcaa2c5d950a dovecot-mysql-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: 4ca463163d209f55d2fd2ae1e94176cb95a650a420bb6bc50c1f224b7bfad3a9 dovecot-mysql-debuginfo-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: 23b0c8137df6eed17336defdee264451902e186542d6b201a948432711a3228f dovecot-pgsql-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: 35550ae395599b703d81b04be8c86f0c9a339e25f30813d94352cef4bd6644fa dovecot-pgsql-debuginfo-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: e2dcecbd7f70d8e0a024d208f2f775ab2cc10bf93d8c6ed541524f3ca87bf841 dovecot-pigeonhole-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: 2643baeeff2b67895e460d67b34c0228e092fa51d88a8c4c8b3c964fcefeea99 dovecot-pigeonhole-debuginfo-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: cb901ed3949bb80ee9441d1093a1ad98c571e71270e4b79f06a3ffbdb59cb7d2 Red Hat Enterprise Linux Server - TUS 8.8 SRPM dovecot-2.3.16-3.el8_8.1.src.rpm SHA-256: d89c07e8bb4d331ac8d7e013a301512b22bd7191f1b86e2b26e9e1df6fd1ee42 x86_64 dovecot-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: c4cc9791ea1da881a48e5251e8f5963f12ebe2816dbc63d3ced737f616127058 dovecot-debuginfo-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: 5fbb838c54c55f02d5b8e4647df1881dd61e5c8de3ed67454aa1534e2cde447c dovecot-debugsource-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: db5505e10e73159138ae77d583ed6c13d24698c3be52efc2c2cbfcaa2c5d950a dovecot-mysql-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: 4ca463163d209f55d2fd2ae1e94176cb95a650a420bb6bc50c1f224b7bfad3a9 dovecot-mysql-debuginfo-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: 23b0c8137df6eed17336defdee264451902e186542d6b201a948432711a3228f dovecot-pgsql-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: 35550ae395599b703d81b04be8c86f0c9a339e25f30813d94352cef4bd6644fa dovecot-pgsql-debuginfo-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: e2dcecbd7f70d8e0a024d208f2f775ab2cc10bf93d8c6ed541524f3ca87bf841 dovecot-pigeonhole-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: 2643baeeff2b67895e460d67b34c0228e092fa51d88a8c4c8b3c964fcefeea99 dovecot-pigeonhole-debuginfo-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: cb901ed3949bb80ee9441d1093a1ad98c571e71270e4b79f06a3ffbdb59cb7d2 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 SRPM dovecot-2.3.16-3.el8_8.1.src.rpm SHA-256: d89c07e8bb4d331ac8d7e013a301512b22bd7191f1b86e2b26e9e1df6fd1ee42 ppc64le dovecot-2.3.16-3.el8_8.1.ppc64le.rpm SHA-256: 0750e79c4d4da05655769c92939605d498a2bc91a2e45819878df179e69e3a3e dovecot-debuginfo-2.3.16-3.el8_8.1.ppc64le.rpm SHA-256: 80acbff9e45e90f7ebd2c60c1094c7701e09914c1992b137fc84b86d2689f0a0 dovecot-debugsource-2.3.16-3.el8_8.1.ppc64le.rpm SHA-256: 2b0dfae608a2c3e18b80e05184fff95475f24d3e1020accaf282f435d664cc6b dovecot-mysql-2.3.16-3.el8_8.1.ppc64le.rpm SHA-256: f5b2b51db29c631e8fb6247636060736f55ec6d72cdcc4b590f472f391d01ca6 dovecot-mysql-debuginfo-2.3.16-3.el8_8.1.ppc64le.rpm SHA-256: 584852bf3f8e91716f34039d5effbd5097eb3da9a940d2b9f8bc2187b5d99735 dovecot-pgsql-2.3.16-3.el8_8.1.ppc64le.rpm SHA-256: a3d3b2fcf4ad2b577ff20ef8af693e5b80166492741d2f58ae203c99e34efad8 dovecot-pgsql-debuginfo-2.3.16-3.el8_8.1.ppc64le.rpm SHA-256: fde9a8bc2dd687c3aabc7d525705fd2ddef45dac6d75fe5611f339e79e9ac92a dovecot-pigeonhole-2.3.16-3.el8_8.1.ppc64le.rpm SHA-256: 4f57b71c8b80af8fe93f5bcad4191d445f172a897e74f9d1c00a36b08cd166c6 dovecot-pigeonhole-debuginfo-2.3.16-3.el8_8.1.ppc64le.rpm SHA-256: 6beca9d82658a0e857d48e59a47c4b2b593258a2349ab2d28f49bd09c780e747 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 SRPM dovecot-2.3.16-3.el8_8.1.src.rpm SHA-256: d89c07e8bb4d331ac8d7e013a301512b22bd7191f1b86e2b26e9e1df6fd1ee42 x86_64 dovecot-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: c4cc9791ea1da881a48e5251e8f5963f12ebe2816dbc63d3ced737f616127058 dovecot-debuginfo-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: 5fbb838c54c55f02d5b8e4647df1881dd61e5c8de3ed67454aa1534e2cde447c dovecot-debugsource-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: db5505e10e73159138ae77d583ed6c13d24698c3be52efc2c2cbfcaa2c5d950a dovecot-mysql-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: 4ca463163d209f55d2fd2ae1e94176cb95a650a420bb6bc50c1f224b7bfad3a9 dovecot-mysql-debuginfo-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: 23b0c8137df6eed17336defdee264451902e186542d6b201a948432711a3228f dovecot-pgsql-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: 35550ae395599b703d81b04be8c86f0c9a339e25f30813d94352cef4bd6644fa dovecot-pgsql-debuginfo-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: e2dcecbd7f70d8e0a024d208f2f775ab2cc10bf93d8c6ed541524f3ca87bf841 dovecot-pigeonhole-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: 2643baeeff2b67895e460d67b34c0228e092fa51d88a8c4c8b3c964fcefeea99 dovecot-pigeonhole-debuginfo-2.3.16-3.el8_8.1.x86_64.rpm SHA-256: cb901ed3949bb80ee9441d1093a1ad98c571e71270e4b79f06a3ffbdb59cb7d2 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .