| Name: | dovecot |
|---|---|
| Epoch: | 1 |
| Version: | 2.3.16 |
| Release: | 7.el8_10 |
| Architecture: | aarch64 |
| Group: | System Environment/Daemons |
| Size: | 21572064 |
| License: | MIT and LGPLv2 |
| RPM: | dovecot-2.3.16-7.el8_10.aarch64.rpm |
| Source RPM: | dovecot-2.3.16-7.el8_10.src.rpm |
| Build Date: | Wed May 06 2026 |
| Build Host: | build-ol8-aarch64.oracle.com |
| Vendor: | Oracle America |
| URL: | http://www.dovecot.org/ |
| Summary: | Secure imap and pop3 server |
| Description: | Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. |
- fix CVE-2026-27858: denial of service via crafted message before authentication (RHEL-161630) - fix CVE-2025-59032: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (RHEL-162282) - fix CVE-2026-27857: denial of service via specially crafted NOOP command (RHEL-161669)
- fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55219) - fix CVE-2024-23184: using a large number of address headers may trigger a denial of service (RHEL-55206)
- fixes assert-crash when IMAP client uses QRESYNC (#RHEL-22854)
- fix leaking mailboxes if virtual mailbox can't be opened (#2128857)
- fix possible privilege escalation when similar master and non-master passdbs are used (#2106231)
- do not disable xz/lzma for now despite being deprecated
- dovecot updated to 2.3.16, pigeonhole to 0.5.16 - fix CVE-2021-33515 plaintext commands injection (#1980014)
- fix CVE-2020-24386 IMAP hibernation function allows mail access (#1913534)
- fix CVE-2020-25275 denial of service via mail MIME parsing (#1914019)
- change run directory from /var/run to /run (#1805947)