CLSA-2026-1778220630

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778220630.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1778220630
Upstream
  • CVE-2026-27855
  • CVE-2026-27856
  • CVE-2026-27857
Published
2026-05-08T06:10:35Z
Modified
2026-06-01T00:30:10.753962277Z
Summary
dovecot: Fix of 3 CVEs
Details
  • CVE-2026-27855: fix OTP authentication replay attack via auth cache
  • CVE-2026-27856: fix doveadm credential timing oracle
  • CVE-2026-27857: fix excessive memory usage from deeply nested IMAP command lists (pre-auth ID command)
References

Affected packages

TuxCare:AlmaLinux:9.6
dovecot

Package

Name
dovecot
Purl
pkg:rpm/tuxcare/dovecot?distro=almalinux-9.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.3.16-15.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778220630.json"
dovecot-devel

Package

Name
dovecot-devel
Purl
pkg:rpm/tuxcare/dovecot-devel?distro=almalinux-9.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.3.16-15.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778220630.json"
dovecot-mysql

Package

Name
dovecot-mysql
Purl
pkg:rpm/tuxcare/dovecot-mysql?distro=almalinux-9.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.3.16-15.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778220630.json"
dovecot-pgsql

Package

Name
dovecot-pgsql
Purl
pkg:rpm/tuxcare/dovecot-pgsql?distro=almalinux-9.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.3.16-15.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778220630.json"
dovecot-pigeonhole

Package

Name
dovecot-pigeonhole
Purl
pkg:rpm/tuxcare/dovecot-pigeonhole?distro=almalinux-9.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.3.16-15.el9.tuxcare.els1

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1778220630.json"