ALSA-2026:13830
See a problem?- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2026:13830.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2026:13830
- Related
- Published
- 2026-05-05T00:00:00Z
- Modified
- 2026-05-06T07:44:16.529257433Z
- Summary
- Important: dovecot security update
- Details
-
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages.
Security Fix(es):
- dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (CVE-2025-59032)
- dovecot: denial of service via crafted message before authentication (CVE-2026-27858)
- dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://access.redhat.com/errata/RHSA-2026:13830
- https://access.redhat.com/security/cve/CVE-2025-59032
- https://access.redhat.com/security/cve/CVE-2026-27857
- https://access.redhat.com/security/cve/CVE-2026-27858
- https://bugzilla.redhat.com/2452172
- https://bugzilla.redhat.com/2452175
- https://bugzilla.redhat.com/2452179
- https://errata.almalinux.org/8/ALSA-2026-13830.html
Affected packages
AlmaLinux:8 / dovecot
Package
- Name
- dovecot
- Purl
- pkg:rpm/almalinux/dovecot
AlmaLinux:8 / dovecot-devel
Package
- Name
- dovecot-devel
- Purl
- pkg:rpm/almalinux/dovecot-devel
AlmaLinux:8 / dovecot-mysql
Package
- Name
- dovecot-mysql
- Purl
- pkg:rpm/almalinux/dovecot-mysql
AlmaLinux:8 / dovecot-pgsql
Package
- Name
- dovecot-pgsql
- Purl
- pkg:rpm/almalinux/dovecot-pgsql