• [SECURITY] [DSA 4591-1] cyrus-sasl2 security update

    From Salvatore Bonaccorso@1:229/2 to All on Fri Dec 20 22:20:01 2019
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4591-1                   [email protected]
    https://www.debian.org/security/                     Salvatore Bonaccorso
    December 20, 2019                     https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : cyrus-sasl2
    CVE ID : CVE-2019-19906
    Debian Bug : 947043

    Stephan Zeisberg reported an out-of-bounds write vulnerability in the
    _sasl_add_string() function in cyrus-sasl2, a library implementing the
    Simple Authentication and Security Layer. A remote attacker can take
    advantage of this issue to cause denial-of-service conditions for
    applications using the library.

    For the oldstable distribution (stretch), this problem has been fixed
    in version 2.1.27~101-g0780600+dfsg-3+deb9u1.

    For the stable distribution (buster), this problem has been fixed in
    version 2.1.27+dfsg-1+deb10u1.

    We recommend that you upgrade your cyrus-sasl2 packages.

    For the detailed security status of cyrus-sasl2 please refer to its
    security tracker page at: https://security-tracker.debian.org/tracker/cyrus-sasl2

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----
