Download
| Alert*
oval:org.secpod.oval:def:1801649
cyrus-sasl is installed oval:org.secpod.oval:def:1600097 Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service via an invalid salt or, when FIPS-140 is enabled, a DES or MD5 encr ... oval:org.secpod.oval:def:1600098 cyrus-sasl is installed oval:org.secpod.oval:def:89002956 This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet . oval:org.secpod.oval:def:504745 The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer . SASL is a method for adding authentication support to connection-based protocols. Security Fix: * cyrus-sasl: denial of service in _sasl_add_string function For more details about the security iss ... oval:org.secpod.oval:def:67969 The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer . SASL is a method for adding authentication support to connection-based protocols. Security Fix: * cyrus-sasl: denial of service in _sasl_add_string function For more details about the security iss ... oval:org.secpod.oval:def:506847 The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer . SASL is a method for adding authentication support to connection-based protocols. Security Fix: * cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL comman ... oval:org.secpod.oval:def:19500127 A flaw was found in the SQL plugin shipped with Cyrus SASL. Failure to properly escape the SQL input allows a remote attacker to execute arbitrary SQL commands. This issue can lead to the escalation of privileges oval:org.secpod.oval:def:3300648 SUSE Security Update: Security update for cyrus-sasl oval:org.secpod.oval:def:2500590 The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer . SASL is a method for adding authentication support to connection-based protocols. oval:org.secpod.oval:def:1700866 A flaw was found in the SQL plugin shipped with Cyrus SASL. Failure to properly escape the SQL input allows a remote attacker to execute arbitrary SQL commands. This issue can lead to the escalation of privileges oval:org.secpod.oval:def:89046024 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c . oval:org.secpod.oval:def:89046069 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c . oval:org.secpod.oval:def:89047411 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c . The following non-security bugs were fixed: - postfix: sasl authentication with password fails . oval:org.secpod.oval:def:89046065 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c . oval:org.secpod.oval:def:89046051 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c . oval:org.secpod.oval:def:2500067 The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer . SASL is a method for adding authentication support to connection-based protocols. oval:org.secpod.oval:def:97605 [CLSA-2022:1646060797] Fixed CVE-2022-24407 in cyrus-sasl |