Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 498
Alerts This Week
Warning Icon 1 498

Debian: DSA-3368-1 Moderate: Fix for Cyrus-SASL2 DoS Threat

debian
Calendar Grey September 25, 2015
Debian Logo
The Debian Security Notice DSA-3368-1 highlights vulnerabilities found in cyrus-sasl2 that could lead to denial of service. It is advisable to update for improved security and performance.
It was discovered that cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, does not properly handle certain invalid password salts

Summary

For the stable distribution (jessie), this problem has been fixed in
version 2.1.26.dfsg1-13+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 2.1.26.dfsg1-14.

We recommend that you upgrade your cyrus-sasl2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Package: cyrus-sasl2
CVE ID: CVE-2013-4122

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.