Explore top 10 tips to secure your open-source projects now. Read More
×
Cyrus SASL could run programs if it received specially crafted network
traffic.
Software Description:
- cyrus-sasl2: Cyrus Simple Authentication and Security Layer
Details:
It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL
input. A remote attacker could use this issue to execute arbitrary SQL
commands.
The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: libsasl2-modules-sql 2.1.27+dfsg-2.1ubuntu0.1 Ubuntu 20.04 LTS: libsasl2-modules-sql 2.1.27+dfsg-2ubuntu0.1 Ubuntu 18.04 LTS: libsasl2-modules-sql 2.1.27~101-g0780600+dfsg-3ubuntu2.4 After a standard system update you need to reboot your computer to make all the necessary changes.
https://ubuntu.com/security/notices/USN-5301-1
CVE-2022-24407
Get the latest Linux and open source security news straight to your inbox.