ALSA-2022:0658

See a problem?
Please try reporting it to the source first.
Source
https://errata.almalinux.org/8/ALSA-2022-0658.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0658.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2022:0658
Related
Published
2022-02-23T13:33:12Z
Modified
2022-02-23T22:48:10Z
Summary
Important: cyrus-sasl security update
Details

The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer (SASL). SASL is a method for adding authentication support to connection-based protocols.

Security Fix(es):

  • cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands (CVE-2022-24407)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:8 / cyrus-sasl

Package

Name
cyrus-sasl

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.27-6.el8_5

AlmaLinux:8 / cyrus-sasl-devel

Package

Name
cyrus-sasl-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.27-6.el8_5

AlmaLinux:8 / cyrus-sasl-gs2

Package

Name
cyrus-sasl-gs2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.27-6.el8_5

AlmaLinux:8 / cyrus-sasl-gssapi

Package

Name
cyrus-sasl-gssapi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.27-6.el8_5

AlmaLinux:8 / cyrus-sasl-ldap

Package

Name
cyrus-sasl-ldap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.27-6.el8_5

AlmaLinux:8 / cyrus-sasl-lib

Package

Name
cyrus-sasl-lib

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.27-6.el8_5

AlmaLinux:8 / cyrus-sasl-md5

Package

Name
cyrus-sasl-md5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.27-6.el8_5

AlmaLinux:8 / cyrus-sasl-ntlm

Package

Name
cyrus-sasl-ntlm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.27-6.el8_5

AlmaLinux:8 / cyrus-sasl-plain

Package

Name
cyrus-sasl-plain

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.27-6.el8_5

AlmaLinux:8 / cyrus-sasl-scram

Package

Name
cyrus-sasl-scram

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.27-6.el8_5

AlmaLinux:8 / cyrus-sasl-sql

Package

Name
cyrus-sasl-sql

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.27-6.el8_5