Debian: DSA-4591-1: cyrus-sasl2 security update

    Date20 Dec 2019
    831
    Posted ByLinuxSecurity Advisories
    Stephan Zeisberg reported an out-of-bounds write vulnerability in the _sasl_add_string() function in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer. A remote attacker can take advantage of this issue to cause denial-of-service conditions for
    
    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-4591-1                   This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                     Salvatore Bonaccorso
    December 20, 2019                     https://www.debian.org/security/faq
    - -------------------------------------------------------------------------
    
    Package        : cyrus-sasl2
    CVE ID         : CVE-2019-19906
    Debian Bug     : 947043
    
    Stephan Zeisberg reported an out-of-bounds write vulnerability in the
    _sasl_add_string() function in cyrus-sasl2, a library implementing the
    Simple Authentication and Security Layer. A remote attacker can take
    advantage of this issue to cause denial-of-service conditions for
    applications using the library.
    
    For the oldstable distribution (stretch), this problem has been fixed
    in version 2.1.27~101-g0780600+dfsg-3+deb9u1.
    
    For the stable distribution (buster), this problem has been fixed in
    version 2.1.27+dfsg-1+deb10u1.
    
    We recommend that you upgrade your cyrus-sasl2 packages.
    
    For the detailed security status of cyrus-sasl2 please refer to its
    security tracker page at:
    https://security-tracker.debian.org/tracker/cyrus-sasl2
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"90","type":"x","order":"1","pct":78.95,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"18","type":"x","order":"2","pct":15.79,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"6","type":"x","order":"3","pct":5.26,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.