Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4591-1] cyrus-sasl2 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4591-1] cyrus-sasl2 security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4591-1] cyrus-sasl2 security update
  • Date: Fri, 20 Dec 2019 21:10:08 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1iiPXE-0008R3-Vl AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Fri, 20 Dec 2019 21:10:24 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <mc2fsexq93L.A.26F.AjT_dB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4591-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
December 20, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : cyrus-sasl2
CVE ID : CVE-2019-19906
Debian Bug : 947043

Stephan Zeisberg reported an out-of-bounds write vulnerability in the
_sasl_add_string() function in cyrus-sasl2, a library implementing the
Simple Authentication and Security Layer. A remote attacker can take
advantage of this issue to cause denial-of-service conditions for
applications using the library.

For the oldstable distribution (stretch), this problem has been fixed
in version 2.1.27~101-g0780600+dfsg-3+deb9u1.

For the stable distribution (buster), this problem has been fixed in
version 2.1.27+dfsg-1+deb10u1.

We recommend that you upgrade your cyrus-sasl2 packages.

For the detailed security status of cyrus-sasl2 please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/cyrus-sasl2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl39OA1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Q0kA//dEij3BH9LlmpcsH9zjny8P0DjsykncN+4w4hJHAzHi6dJfStBEH7cDy+
YdeMJQP5g3ckTL6hT+MDY3TX38jjDoUM/DHJX+d/B28dFyhyrTK3SUccjUBCn5XK
KSr8nspBgCuLAjXoN+u5roewz5/XGh9YCOQO3ZsVHeBRw4xrYyGqFTk/3mLw5hnn
2K3T7QgFCJzQgM4h0y/4CRfAR6pLLdworDtOrw8s40bIQ6ZJGEw8fDUqGjRwbHJC
rxlWPEkgbTl/I8N4Z8Ns/HPa8PF1/qWUvhcT0MFAxm/9F6cMK6Xp1roDyhcXAvNC
JpW1ieecHA7lB2FRs1/AHovbHQUre9MUmPNA2wGI11rJe68YciTdR289DQ0tvvxs
2r13vohK86Q+AEMvCWnSGyTTKM7Hj18HDZgMYCdvm4K0U4W/oGhCxNSUYIUxBVv3
Z/Jou12LwwKlASbuqtfIaSxUUQLagOVKy85WP9O4+gSWApCmlULNT4rz3iVIjIjp
1T5vTnlobUREQJYtxofQ4g1SWEFCQirw5iekbPHqOnfbfmOXd4dJd93rgQMyhLAr
+TFqUQBqqJyp3bS3di719taL39vNDiEmBbhT9jPAqYOVB9Kx+dK+GXXKs3XgEJPp
38x8B+ufRQdX/U/wlkspkTEWEiILHPiv+uS2FWGfNQIjcNLl8Rg=
=GOx0
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4591-1] cyrus-sasl2 security update, Salvatore Bonaccorso, 20.12.2019

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang