openSUSE-SU-2022:0743-1

Опубликовано: 07 мар. 2022

Источник: suse-cvrf

Описание

Security update for cyrus-sasl

This update for cyrus-sasl fixes the following issues:

CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).

The following non-security bugs were fixed:

postfix: sasl authentication with password fails (bsc#1194265).

Список пакетов

openSUSE Leap 15.3

cyrus-sasl-2.1.27-150300.4.6.1

cyrus-sasl-32bit-2.1.27-150300.4.6.1

cyrus-sasl-bdb-2.1.27-150300.4.6.1

cyrus-sasl-bdb-crammd5-2.1.27-150300.4.6.1

cyrus-sasl-bdb-devel-2.1.27-150300.4.6.1

cyrus-sasl-bdb-digestmd5-2.1.27-150300.4.6.1

cyrus-sasl-bdb-gs2-2.1.27-150300.4.6.1

cyrus-sasl-bdb-gssapi-2.1.27-150300.4.6.1

cyrus-sasl-bdb-ntlm-2.1.27-150300.4.6.1

cyrus-sasl-bdb-otp-2.1.27-150300.4.6.1

cyrus-sasl-bdb-plain-2.1.27-150300.4.6.1

cyrus-sasl-bdb-scram-2.1.27-150300.4.6.1

cyrus-sasl-crammd5-2.1.27-150300.4.6.1

cyrus-sasl-crammd5-32bit-2.1.27-150300.4.6.1

cyrus-sasl-devel-2.1.27-150300.4.6.1

cyrus-sasl-devel-32bit-2.1.27-150300.4.6.1

cyrus-sasl-digestmd5-2.1.27-150300.4.6.1

cyrus-sasl-digestmd5-32bit-2.1.27-150300.4.6.1

cyrus-sasl-gs2-2.1.27-150300.4.6.1

cyrus-sasl-gssapi-2.1.27-150300.4.6.1

cyrus-sasl-gssapi-32bit-2.1.27-150300.4.6.1

cyrus-sasl-ldap-auxprop-2.1.27-150300.4.6.1

cyrus-sasl-ldap-auxprop-32bit-2.1.27-150300.4.6.1

cyrus-sasl-ldap-auxprop-bdb-2.1.27-150300.4.6.1

cyrus-sasl-ntlm-2.1.27-150300.4.6.1

cyrus-sasl-otp-2.1.27-150300.4.6.1

cyrus-sasl-otp-32bit-2.1.27-150300.4.6.1

cyrus-sasl-plain-2.1.27-150300.4.6.1

cyrus-sasl-plain-32bit-2.1.27-150300.4.6.1

cyrus-sasl-saslauthd-2.1.27-150300.4.6.1

cyrus-sasl-saslauthd-bdb-2.1.27-150300.4.6.1

cyrus-sasl-scram-2.1.27-150300.4.6.1

cyrus-sasl-sqlauxprop-2.1.27-150300.4.6.1

cyrus-sasl-sqlauxprop-32bit-2.1.27-150300.4.6.1

cyrus-sasl-sqlauxprop-bdb-2.1.27-150300.4.6.1

libsasl2-3-2.1.27-150300.4.6.1

libsasl2-3-32bit-2.1.27-150300.4.6.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BPABQLPWLWVSDVE54YNNZUHMKWEV6F3X/
E-Mail link for openSUSE-SU-2022:0743-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1194265
SUSE Bug 1194265
https://bugzilla.suse.com/1196036
SUSE Bug 1196036
https://www.suse.com/security/cve/CVE-2022-24407/
SUSE CVE CVE-2022-24407 page

Описание

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

Затронутые продукты

openSUSE Leap 15.3:cyrus-sasl-2.1.27-150300.4.6.1

openSUSE Leap 15.3:cyrus-sasl-32bit-2.1.27-150300.4.6.1

openSUSE Leap 15.3:cyrus-sasl-bdb-2.1.27-150300.4.6.1

openSUSE Leap 15.3:cyrus-sasl-bdb-crammd5-2.1.27-150300.4.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-24407.html
CVE-2022-24407
https://bugzilla.suse.com/1196036
SUSE Bug 1196036
https://bugzilla.suse.com/1198600
SUSE Bug 1198600
https://bugzilla.suse.com/1199112
SUSE Bug 1199112
https://bugzilla.suse.com/1199494
SUSE Bug 1199494
https://bugzilla.suse.com/1200197
SUSE Bug 1200197
https://bugzilla.suse.com/1200200
SUSE Bug 1200200
https://bugzilla.suse.com/1225034
SUSE Bug 1225034
https://bugzilla.suse.com/1225669
SUSE Bug 1225669

openSUSE-SU-2022:0743-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2022-24407

Описание

Затронутые продукты

Ссылки