Описание
ELSA-2020-4497: cyrus-sasl security, bug fix, and enhancement update (MODERATE)
[2.1.27-5]
- Reduce excessive GSSAPI plugin logging
- Resolves: rhbz#1274734
[2.1.27-4]
- Add support for setting maxssf=0 in GSS-SPNEGO
- Resolves: rhbz#1822133
[2.1.27-3]
- Backport GSSAPI Channel Bindings support
- Resolves: rhbz#1817054
[2.1.27-2]
- Backport fix for CVE-2019-19906
- Resolves: rhbz#1804036
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
cyrus-sasl
2.1.27-5.el8
cyrus-sasl-devel
2.1.27-5.el8
cyrus-sasl-gs2
2.1.27-5.el8
cyrus-sasl-gssapi
2.1.27-5.el8
cyrus-sasl-ldap
2.1.27-5.el8
cyrus-sasl-lib
2.1.27-5.el8
cyrus-sasl-md5
2.1.27-5.el8
cyrus-sasl-ntlm
2.1.27-5.el8
cyrus-sasl-plain
2.1.27-5.el8
cyrus-sasl-scram
2.1.27-5.el8
cyrus-sasl-sql
2.1.27-5.el8
Oracle Linux x86_64
cyrus-sasl
2.1.27-5.el8
cyrus-sasl-devel
2.1.27-5.el8
cyrus-sasl-gs2
2.1.27-5.el8
cyrus-sasl-gssapi
2.1.27-5.el8
cyrus-sasl-ldap
2.1.27-5.el8
cyrus-sasl-lib
2.1.27-5.el8
cyrus-sasl-md5
2.1.27-5.el8
cyrus-sasl-ntlm
2.1.27-5.el8
cyrus-sasl-plain
2.1.27-5.el8
cyrus-sasl-scram
2.1.27-5.el8
cyrus-sasl-sql
2.1.27-5.el8
Связанные CVE
Связанные уязвимости
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading ...