ELSA-2026-13857

ULN >
Oracle Linux Errata repository >
ELSA-2026-13857

ELSA-2026-13857 - dovecot security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-05-06

Description

[1:2.3.16-15.1]
- fix CVE-2026-27858: denial of service via crafted message before authentication (RHEL-161639)
- fix CVE-2025-59032: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (RHEL-162287)
- fix CVE-2026-27857: denial of service via specially crafted NOOP command (RHEL-161678)

Related CVEs

CVE-2025-59032

CVE-2026-27857

CVE-2026-27858

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	dovecot-2.3.16-15.el9_7.1.src.rpm	60c4c5a68e04bb870c38d958ba82c897b086a421163c2366350ea8e8372440d4	-	ol9_aarch64_appstream
	dovecot-2.3.16-15.el9_7.1.src.rpm	60c4c5a68e04bb870c38d958ba82c897b086a421163c2366350ea8e8372440d4	-	ol9_aarch64_codeready_builder
	dovecot-2.3.16-15.el9_7.1.aarch64.rpm	87da3ced19b019810d2587079256b052743de574f1cd6300521748071f25d598	-	ol9_aarch64_appstream
	dovecot-devel-2.3.16-15.el9_7.1.aarch64.rpm	5284eddc1503954e64c85688d470fd52ee0ea0da4d15c7e096e43cae7ca8b64c	-	ol9_aarch64_codeready_builder
	dovecot-mysql-2.3.16-15.el9_7.1.aarch64.rpm	359cc8e4ded058be7ddd4a647bb2cc575458d72ab5aaf539fb71b93ba77d69f3	-	ol9_aarch64_appstream
	dovecot-pgsql-2.3.16-15.el9_7.1.aarch64.rpm	5e19e8fa290a1c8e8e73d2384424f66433db31964660b6aa934f0f184a7b0696	-	ol9_aarch64_appstream
	dovecot-pigeonhole-2.3.16-15.el9_7.1.aarch64.rpm	98dd4757efa579f16327bb1d0e191c10b7b032d8e81cd49ded3d30361c59b724	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	dovecot-2.3.16-15.el9_7.1.src.rpm	60c4c5a68e04bb870c38d958ba82c897b086a421163c2366350ea8e8372440d4	-	ol9_x86_64_appstream
	dovecot-2.3.16-15.el9_7.1.src.rpm	60c4c5a68e04bb870c38d958ba82c897b086a421163c2366350ea8e8372440d4	-	ol9_x86_64_codeready_builder
	dovecot-2.3.16-15.el9_7.1.i686.rpm	1a5975dbd41176eb028b8194401ab30e955adac87669ef50f709fc9b87d84901	-	ol9_x86_64_codeready_builder
	dovecot-2.3.16-15.el9_7.1.x86_64.rpm	e108c515a614955ffa936750441e8d318f8f0c290ed712ba105550178c7bad86	-	ol9_x86_64_appstream
	dovecot-devel-2.3.16-15.el9_7.1.i686.rpm	06e17700d5b7306db0b9372441b8eb730c28d908080c5f73a21360e882845b6e	-	ol9_x86_64_codeready_builder
	dovecot-devel-2.3.16-15.el9_7.1.x86_64.rpm	dc0ee751ff33297436015af724a799c07e0a51b77f5911bb86267f4158e18ad1	-	ol9_x86_64_codeready_builder
	dovecot-mysql-2.3.16-15.el9_7.1.x86_64.rpm	f268f55156a3defd71b22ed7aeb50566eb075222291186364aad9f343a15d524	-	ol9_x86_64_appstream
	dovecot-pgsql-2.3.16-15.el9_7.1.x86_64.rpm	aea00593055e42151e9e597d04d5129564de45d918c0167f519fc94d284b4b9e	-	ol9_x86_64_appstream
	dovecot-pigeonhole-2.3.16-15.el9_7.1.x86_64.rpm	d354a2f6a488a82bae653a91b7da83a7673e011005d68591ce8efb31b962f1b8	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691