{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2026-27858: managesieve: fix DoS via crafted message before\n authentication that caused excessive memory allocation\n- CVE-2025-59032: managesieve: fix crash when AUTHENTICATE command does not\n finish on the first call (literal SASL initial response)", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1778614755", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1778614755" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/tuxcare9.6esu/advisories/2026/clsa-2026_1778614755.json" } ], "tracking": { "current_release_date": "2026-05-12T19:40:06Z", "generator": { "date": "2026-05-12T19:40:06Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1778614755", "initial_release_date": "2026-05-12T19:40:06Z", "revision_history": [ { "date": "2026-05-12T19:40:06Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "dovecot: Fix of 2 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.6", "product": { "name": "AlmaLinux 9.6", "product_id": "AlmaLinux-9.6", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.6:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Rocky Linux 9.6", "product": { "name": "Rocky Linux 9.6", "product_id": "Rocky Linux-9.6", "product_identification_helper": { "cpe": "cpe:2.3:o:resf:rocky_linux:9.6:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Rocky Linux" } ], "category": "vendor", "name": "Rocky Linux" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "product": { "name": "dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "product_id": "dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-mysql@2.3.16-15.el9.tuxcare.els2?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "product": { "name": "dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "product_id": "dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-pgsql@2.3.16-15.el9.tuxcare.els2?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64", "product": { "name": "dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64", "product_id": "dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot@2.3.16-15.el9.tuxcare.els2?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64", "product": { "name": "dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64", "product_id": "dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-pigeonhole@2.3.16-15.el9.tuxcare.els2?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64", "product": { "name": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64", "product_id": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-devel@2.3.16-15.el9.tuxcare.els2?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els1.x86_64", "product": { "name": "dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els1.x86_64", "product_id": "dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-pigeonhole@2.3.16-15.el9.tuxcare.els1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "dovecot-1:2.3.16-15.el9.tuxcare.els1.x86_64", "product": { "name": "dovecot-1:2.3.16-15.el9.tuxcare.els1.x86_64", "product_id": "dovecot-1:2.3.16-15.el9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot@2.3.16-15.el9.tuxcare.els1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.x86_64", "product": { "name": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.x86_64", "product_id": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-devel@2.3.16-15.el9.tuxcare.els1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "dovecot-mysql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "product": { "name": "dovecot-mysql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "product_id": "dovecot-mysql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-mysql@2.3.16-15.el9.tuxcare.els1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "product": { "name": "dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "product_id": "dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-pgsql@2.3.16-15.el9.tuxcare.els1?arch=x86_64&epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "dovecot-1:2.3.16-15.el9.tuxcare.els2.i686", "product": { "name": "dovecot-1:2.3.16-15.el9.tuxcare.els2.i686", "product_id": "dovecot-1:2.3.16-15.el9.tuxcare.els2.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot@2.3.16-15.el9.tuxcare.els2?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686", "product": { "name": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686", "product_id": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-devel@2.3.16-15.el9.tuxcare.els2?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "dovecot-1:2.3.16-15.el9.tuxcare.els1.i686", "product": { "name": "dovecot-1:2.3.16-15.el9.tuxcare.els1.i686", "product_id": "dovecot-1:2.3.16-15.el9.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot@2.3.16-15.el9.tuxcare.els1?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.i686", "product": { "name": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.i686", "product_id": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/dovecot-devel@2.3.16-15.el9.tuxcare.els1?arch=i686&epoch=1" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64" }, "product_reference": "dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64" }, "product_reference": "dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-1:2.3.16-15.el9.tuxcare.els2.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.i686" }, "product_reference": "dovecot-1:2.3.16-15.el9.tuxcare.els2.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64" }, "product_reference": "dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64" }, "product_reference": "dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64" }, "product_reference": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686" }, "product_reference": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64" }, "product_reference": "dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64" }, "product_reference": "dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-1:2.3.16-15.el9.tuxcare.els2.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.i686" }, "product_reference": "dovecot-1:2.3.16-15.el9.tuxcare.els2.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64" }, "product_reference": "dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64" }, "product_reference": "dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64" }, "product_reference": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686" }, "product_reference": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els1.x86_64" }, "product_reference": "dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-1:2.3.16-15.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.x86_64" }, "product_reference": "dovecot-1:2.3.16-15.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-1:2.3.16-15.el9.tuxcare.els1.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.i686" }, "product_reference": "dovecot-1:2.3.16-15.el9.tuxcare.els1.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.i686" }, "product_reference": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.x86_64" }, "product_reference": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-mysql-1:2.3.16-15.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els1.x86_64" }, "product_reference": "dovecot-mysql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els1.x86_64" }, "product_reference": "dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els1.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els1.x86_64" }, "product_reference": "dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-1:2.3.16-15.el9.tuxcare.els1.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.x86_64" }, "product_reference": "dovecot-1:2.3.16-15.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-1:2.3.16-15.el9.tuxcare.els1.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.i686" }, "product_reference": "dovecot-1:2.3.16-15.el9.tuxcare.els1.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.i686" }, "product_reference": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.x86_64" }, "product_reference": "dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-mysql-1:2.3.16-15.el9.tuxcare.els1.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els1.x86_64" }, "product_reference": "dovecot-mysql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els1.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els1.x86_64" }, "product_reference": "dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-27858", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "description", "text": "Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory.\nAttacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to managesieve protocol, or install fixed version. No publicly available exploits are known.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.i686", "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.i686", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64" ], "known_affected": [ "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.i686", "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.x86_64", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.i686", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.x86_64", "AlmaLinux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "AlmaLinux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "AlmaLinux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.i686", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.i686", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-27858" } ], "release_date": "2026-03-27T08:10:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-05-12T19:39:19.002400Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1778614755", "product_ids": [ "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.i686", "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.i686", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1778614755" }, { "category": "none_available", "date": "2026-03-27T08:10:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.i686", "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.x86_64", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.i686", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.x86_64", "AlmaLinux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "AlmaLinux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "AlmaLinux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.i686", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.i686", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.i686", "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.i686", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-59032", "cwe": { "id": "CWE-229", "name": "Improper Handling of Values" }, "notes": [ { "category": "description", "text": "ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed version. No publicly available exploits are known.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.i686", "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.i686", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64" ], "known_affected": [ "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.i686", "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.x86_64", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.i686", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.x86_64", "AlmaLinux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "AlmaLinux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "AlmaLinux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.i686", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.i686", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-59032" } ], "release_date": "2026-03-27T08:10:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-05-12T19:39:19.002400Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1778614755", "product_ids": [ "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.i686", "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.i686", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1778614755" }, { "category": "none_available", "date": "2026-03-27T08:10:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.i686", "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.x86_64", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.i686", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.x86_64", "AlmaLinux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "AlmaLinux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "AlmaLinux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.i686", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.i686", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els1.x86_64", "Rocky Linux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.i686", "AlmaLinux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686", "AlmaLinux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "AlmaLinux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.i686", "Rocky Linux-9.6:dovecot-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.i686", "Rocky Linux-9.6:dovecot-devel-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-mysql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-pgsql-1:2.3.16-15.el9.tuxcare.els2.x86_64", "Rocky Linux-9.6:dovecot-pigeonhole-1:2.3.16-15.el9.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }