2024-03-30
ALT-BU-2024-4756-1
Branch c10f1 update bulletin.
Package cyrus-sasl2 updated to version 2.1.28-alt1 for branch c10f1 in task 343614.
Closed vulnerabilities
Published: 2019-11-25
BDU:2020-01461
Уязвимость метода аунтефикации пользователей Cyrus SASL, связанная с записью за границами буфера памяти, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2022-03-02
BDU:2022-01443
Уязвимость реализации механизма аутентификации Cyrus SASL, связанная с непринятием мер по защите структуры SQL-запроса, позволяющая нарушителю выполнить произвольный SQL-запрос
Severity: CRITICAL (9.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
References:
Published: 2019-12-19
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-19906
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- 20200717 APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6
- 20200717 APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6
- 20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra
- 20200717 APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra
- [oss-security] 20220223 Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 & CVE-2019-19906]
- [oss-security] 20220223 Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 & CVE-2019-19906]
- https://github.com/cyrusimap/cyrus-sasl/issues/587
- https://github.com/cyrusimap/cyrus-sasl/issues/587
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
- [debian-lts-announce] 20191220 [SECURITY] [DLA 2044-1] cyrus-sasl2 security update
- [debian-lts-announce] 20191220 [SECURITY] [DLA 2044-1] cyrus-sasl2 security update
- FEDORA-2020-51d591d035
- FEDORA-2020-51d591d035
- FEDORA-2020-bf829f9a84
- FEDORA-2020-bf829f9a84
- 20191225 [SECURITY] [DSA 4591-1] cyrus-sasl2 security update
- 20191225 [SECURITY] [DSA 4591-1] cyrus-sasl2 security update
- https://support.apple.com/kb/HT211288
- https://support.apple.com/kb/HT211288
- https://support.apple.com/kb/HT211289
- https://support.apple.com/kb/HT211289
- USN-4256-1
- USN-4256-1
- DSA-4591
- DSA-4591
- https://www.openldap.org/its/index.cgi/Incoming?id=9123
- https://www.openldap.org/its/index.cgi/Incoming?id=9123
Published: 2022-02-24
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2022-24407
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- [oss-security] 20220223 Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 & CVE-2019-19906]
- [oss-security] 20220223 Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 & CVE-2019-19906]
- https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst
- https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst
- [debian-lts-announce] 20220306 [SECURITY] [DLA 2931-1] cyrus-sasl2 security update
- [debian-lts-announce] 20220306 [SECURITY] [DLA 2931-1] cyrus-sasl2 security update
- FEDORA-2022-e33e824d37
- FEDORA-2022-e33e824d37
- FEDORA-2022-8cc64f73d0
- FEDORA-2022-8cc64f73d0
- FEDORA-2022-f9642fab70
- FEDORA-2022-f9642fab70
- https://security.netapp.com/advisory/ntap-20221007-0003/
- https://security.netapp.com/advisory/ntap-20221007-0003/
- https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
- https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
- DSA-5087
- DSA-5087
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
Closed bugs
При подготовке к Usrmerge сломался sssd