USN-8356-1

Details

It was discovered that GNU SASL did not properly handle certain DIGEST-MD5 tokens. An attacker could possibly use this issue to cause GNU SASL to crash, resulting in a denial of service.

Affected Packages

gsasl

Ubuntu 24.04 LTS

Fixed in:

2.2.1-1willsync1ubuntu0.1

gsasl

Ubuntu 25.10

Fixed in:

2.2.2-2ubuntu1.1

gsasl

Ubuntu 26.04 LTS

Fixed in:

2.2.2-4ubuntu1.1

References

REPORT

https://ubuntu.com/security/CVE-2026-48829

ADVISORY

https://ubuntu.com/security/notices/USN-8356-1