Univention Bugzilla – Bug 50679
cyrus-sasl2: Multiple issues (4.4)
Last modified: 2020-01-15 17:00:03 CET
New Debian cyrus-sasl2 2.1.27~101-g0780600+dfsg-3+deb9u1 fixes:

This update addresses the following issue:

* cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. (CVE-2019-19906)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/cyrus-sasl2_2.1.27~101-g0780600+dfsg-3.dsc +++ apt/ucs_4.4-0-errata4.4-3/source/cyrus-sasl2_2.1.27~101-g0780600+dfsg-3+deb9u1.dsc @@ -1,3 +1,8 @@ +2.1.27~101-g0780600+dfsg-3+deb9u1 [Thu, 19 Dec 2019 23:13:43 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Off-by-one in _sasl_add_string function (CVE-2019-19906) (Closes: #947043) + 2.1.27~101-g0780600+dfsg-3 [Sun, 19 Mar 2017 12:30:33 +0000] Holger Levsen <holger@debian.org>: [ Holger Levsen ] <http://10.200.17.11/4.4-3/#2883985749128941646>
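Review bot: the fix to _sasl_add_string itself cannot be verified from this diff, because the only hunk shown (@@ -1,3 +1,8 @@) adds the changelog entry for 2.1.27~101-g0780600+dfsg-3+deb9u1. Before release, confirm that the +deb9u1 source package actually carries the code change for CVE-2019-19906 and that it is applied at build time; the entry records only the CVE id and "Closes: #947043".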
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts
  Ignore error purging /usr/lib/sasl2/

[4.4-3] 12bae0602d Bug #50679: cyrus-sasl2 2.1.27~101-g0780600+dfsg-3+deb9u1
 doc/errata/staging/cyrus-sasl2.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

[4.4-3] 5d1caeda48 Bug #50679: cyrus-sasl2 2.1.27~101-g0780600+dfsg-3+deb9u1
 doc/errata/staging/cyrus-sasl2.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
<http://errata.software-univention.de/ucs/4.4/415.html>