Univention Bugzilla – Bug 54490
cyrus-sasl2: Multiple issues (5.0)
Last modified: 2022-03-02 16:22:20 CET
New Debian cyrus-sasl2 2.1.27+dfsg-1+deb10u2 fixes:
This update addresses the following issue:
* failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands (CVE-2022-24407)
--- mirror/ftp/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.27+dfsg-1+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-1/source/cyrus-sasl2_2.1.27+dfsg-1+deb10u2.dsc @@ -1,3 +1,9 @@ +2.1.27+dfsg-1+deb10u2 [Fri, 25 Feb 2022 09:39:20 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Fix _sasl_add_string + * Escape password for SQL insert/update commands (CVE-2022-24407) + 2.1.27+dfsg-1+deb10u1 [Thu, 19 Dec 2019 22:59:30 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://piuparts.knut.univention.de/5.0-1/#2799462928013672938>
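Review bot: the new changelog line "* Fix _sasl_add_string" names no bug or CVE and does not say what was wrong with the function, while the line after it cites CVE-2022-24407. Please state the defect that was fixed and whether it belongs to the CVE-2022-24407 fix or is a separate change, so the erratum text, which lists only the SQL escaping issue, can be checked against the changelog.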
OK: yaml
OK: announce_errata
OK: patch
~OK: piuparts
Caused by https://forge.univention.org/bugzilla/show_bug.cgi?id=53512 again

[5.0-1] e62c2762a0 Bug #54490: cyrus-sasl2 2.1.27+dfsg-1+deb10u2
 doc/errata/staging/cyrus-sasl2.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x236>