A flaw was found in dovecot. An attacker can use the way dovecot handles RPA (Remote Passphrase Authentication) to crash the authentication process repeatedly preventing login. The highest threat from this vulnerability is to system availability.
Upstream suggests that this flaw can be mitigated by disabling RPA (Remote Passphrase Authentication). RPA can be disabled by using the configuration parameter "auth_mechanisms". More details available at: <https://doc.dovecot.org/configuration_manual/authentication/authentication_mechanisms/>