SUSE-SU-2020:3939-1

UNKNOWN

Security update for cyrus-sasl

Published Dec 28, 2020

Modified 5 years ago

Fix available

Details

This update for cyrus-sasl fixes the following issues:

CVE-2019-19906: Fixed an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet (bsc#1159635).

Affected Packages(15 packages)

cyrus-sasl

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

2.1.26-8.13.1

cyrus-sasl-32bit

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

2.1.26-8.13.1

cyrus-sasl-crammd5

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

2.1.26-8.13.1

cyrus-sasl-crammd5-32bit

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

2.1.26-8.13.1

cyrus-sasl-digestmd5

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

2.1.26-8.13.1

cyrus-sasl-gssapi

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

2.1.26-8.13.1

cyrus-sasl-gssapi-32bit

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

2.1.26-8.13.1

cyrus-sasl-otp

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

2.1.26-8.13.1

cyrus-sasl-otp-32bit

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

2.1.26-8.13.1

cyrus-sasl-plain

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

2.1.26-8.13.1

References

REPORT

https://bugzilla.suse.com/1159635

WEB

https://www.suse.com/security/cve/CVE-2019-19906

ADVISORY

https://www.suse.com/support/update/announcement/2020/suse-su-20203939-1/

Upstream

CVE-2019-19906

Ecosystems(19)

SUSE Enterprise Storage 5 SUSE HPE Helion OpenStack 8 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3-BCL

Timeline

PublishedDec 28, 2020

ModifiedDec 28, 2020

SUSE-SU-2020:3939-1 | Mondoo Vulnerability Intelligence