[SECURITY] [DLA 2931-1] cyrus-sasl2 security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-2931-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
March 06, 2022                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : cyrus-sasl2
Version        : 2.1.27~101-g0780600+dfsg-3+deb9u2
CVE ID         : CVE-2022-24407

It was discovered that the SQL plugin in cyrus-sasl2, a library
implementing the Simple Authentication and Security Layer, is prone to a
SQL injection attack. An authenticated remote attacker can take advantage
of this flaw to execute arbitrary SQL commands and for privilege
escalation.

For Debian 9 stretch, this problem has been fixed in version
2.1.27~101-g0780600+dfsg-3+deb9u2.

We recommend that you upgrade your cyrus-sasl2 packages.

For the detailed security status of cyrus-sasl2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cyrus-sasl2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
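
One way to check a host's package list against the fixed version above, as an added example that is not part of the advisory or of Debian's tooling. Version strings containing `~` and `+` do not sort like plain strings, so the sketch reimplements the ordering that `dpkg --compare-versions` applies; the function names and the sample lines are constructed for illustration.

```python
import re
import sys

FIXED = "2.1.27~101-g0780600+dfsg-3+deb9u2"  # fixed version stated in the advisory
SOURCE = "cyrus-sasl2"
# Constructed sample of: dpkg-query -W -f '${source:Package} ${binary:Package} ${Version}\n'
SAMPLE = [
    "cyrus-sasl2 libsasl2-2:amd64 2.1.27~101-g0780600+dfsg-3+deb9u1",
    "cyrus-sasl2 libsasl2-modules-sql:amd64 2.1.27~101-g0780600+dfsg-3+deb9u2",
    "cyrus-sasl2 sasl2-bin 2.1.27~101-g0780600+dfsg-3",
    "bash bash 4.4-5",
]

def _weight(ch):
    # dpkg character weights: '~' sorts before everything, letters before other symbols
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _key(part):
    # Alternate non-digit runs (per-character weights, 0 marks the end of the run)
    # with digit runs compared as integers; the final pair marks the end of the string.
    runs = re.findall(r"([^0-9]*)([0-9]*)", part)
    return [([_weight(c) for c in nd] + [0], int(d or 0))
            for nd, d in runs if nd or d] + [([0], 0)]

def deb_key(version):
    """Sort key that orders Debian version strings the way dpkg does."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, rev = rest.rpartition("-")
    if not sep:
        upstream, rev = rest, "0"  # a missing revision compares equal to "0"
    return int(epoch), _key(upstream), _key(rev)

def unpatched(dpkg_lines):
    """(binary package, version) pairs built from SOURCE that are older than FIXED."""
    rows = (line.split() for line in dpkg_lines)
    return [(r[1], r[2]) for r in rows  # rows without a version field are skipped
            if len(r) == 3 and r[0] == SOURCE and deb_key(r[2]) < deb_key(FIXED)]

if __name__ == "__main__":
    # Pass "-" to read real dpkg-query output on stdin; otherwise use the sample.
    lines = sys.stdin if sys.argv[1:] == ["-"] else SAMPLE
    for pkg, ver in unpatched(lines):
        print(f"{pkg} {ver} is older than {FIXED}")
```

A plain string comparison would rank the fixed version above `2.1.27+dfsg-1` because `~` has a higher byte value than `+`; under dpkg ordering it is the older of the two.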