Mageia 8 Advisory: MGASA-2022-0111 Moderate SQL Injection in Cyrus SASL

March 23, 2022

Summary

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. (CVE-2022-24407)
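
The flaw class described above, shown as an added example that is not code from Cyrus SASL or from this advisory: a password value substituted into a SQL UPDATE statement verbatim, beside the same statement built with the value escaped first. The `%v` placeholder handling, the table and column names, the helper functions and the sample password are assumptions made for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative escaper (assumption): doubles each single quote so it stays
 * inside a SQL string literal. Real code should call the database driver's
 * own escape routine or use bound parameters. */
static char *escape_sql_literal(const char *in)
{
    char *out = malloc(2 * strlen(in) + 1);  /* worst case: all quotes */
    char *p = out;
    if (!out) return NULL;
    for (; *in; in++) {
        if (*in == '\'') *p++ = '\'';
        *p++ = *in;
    }
    *p = '\0';
    return out;
}

/* Hypothetical helper: expand the first "%v" in tmpl with value.
 * do_escape == 0 pastes the value verbatim (the flaw class described above);
 * do_escape != 0 escapes it first. Caller frees the result. */
static char *build_statement(const char *tmpl, const char *value, int do_escape)
{
    const char *slot = strstr(tmpl, "%v");
    char *escaped = do_escape ? escape_sql_literal(value) : NULL;
    const char *val = do_escape ? escaped : value;
    char *stmt = NULL;
    if (slot && val) {
        size_t len = strlen(tmpl) - 2 + strlen(val) + 1;
        stmt = malloc(len);
        if (stmt)
            snprintf(stmt, len, "%.*s%s%s", (int)(slot - tmpl), tmpl, val, slot + 2);
    }
    free(escaped);
    return stmt;
}

int main(void)
{
    /* Constructed sample input: a password that contains a single quote. */
    const char *tmpl = "UPDATE users SET userPassword = '%v' WHERE name = 'alice'";
    char *raw = build_statement(tmpl, "it's-a-secret", 0);
    char *safe = build_statement(tmpl, "it's-a-secret", 1);
    if (!raw || !safe) return 1;
    printf("unescaped: %s\nescaped:   %s\n", raw, safe);
    free(raw);
    free(safe);
    return 0;
}
```

In the unescaped output the quote inside the password closes the string literal early, so the rest of the password is parsed as SQL; in the escaped output the whole password stays inside the literal.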

References

- https://bugs.mageia.org/show_bug.cgi?id=30085

- https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28

- https://www.cve.org/CVERecord?id=CVE-2022-24407

Resolution

SRPMS

- 8/core/cyrus-sasl-2.1.27-3.1.mga8

Publication date: 23 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0111.html
Type: security
CVE: CVE-2022-24407
