Security News

Cybersecurity news aggregator

HIGH Updates Red Hat Errata

RHSA-2026:19149: Important: dovecot security update

This security update addresses three denial-of-service vulnerabilities in Dovecot: one via a crafted SASL initial response in the ManageSieve AUTHENTICATE command (CVE-2025-59032), another via a crafted message before authentication (CVE-2026-27858), and a third via a specially crafted NOOP command (CVE-2026-27857). The CVSS scores are 7.5 (HIGH) for CVE-2025-59032 and CVE-2026-27858, and 4.3 (MEDIUM) for CVE-2026-27857. Affected versions are Dovecot prior to 2.4.3 and Open-Xchange Dovecot prior to 2.3.22.1, 3.0.5, or 3.1.4, depending on the specific branch; the fixed versions are Dovecot 2.4.3 and Open-Xchange Dovecot 2.3.22.1, 3.0.5, or 3.1.4.

Red Hat Product Errata
RHSA-2026:19149 - Security Advisory
Issued: 2026-05-19
Updated: 2026-05-19

Synopsis
Important: dovecot security update

Type/Severity
Security Advisory: Important

Topic
An update for dovecot is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.

Security Fix(es):
dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (CVE-2025-59032)
dovecot: denial of service via crafted message before authentication (CVE-2026-27858)
dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 10 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
Red Hat Enterprise Linux for IBM z Systems 10 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
Red Hat Enterprise Linux for Power, little endian 10 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
Red Hat Enterprise Linux for ARM 64 10 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
Red Hat CodeReady Linux Builder for x86_64 10 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x

Fixes
BZ - 2452172 - CVE-2025-59032 dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command
BZ - 2452175 - CVE-2026-27858 dovecot: denial of service via crafted message before authentication
BZ - 2452179 - CVE-2026-27857 dovecot: denial of service via specially crafted NOOP command

CVEs
CVE-2025-59032
CVE-2026-27857
CVE-2026-27858

References
https://access.redhat.com/security/updates/classification/#important

Updated Packages
Note: More recent versions of these packages may be available.
SRPM: dovecot-2.3.21-19.el10_2.src.rpm
