USN-4256-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-4256-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4256-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4256-1
Related
Published
2020-01-28T13:00:48.135083Z
Modified
2020-01-28T13:00:48.135083Z
Summary
cyrus-sasl2 vulnerability
Details

It was discovered that Cyrus SASL incorrectly handled certain LDAP packets. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.

References

Affected packages

Ubuntu:Pro:14.04:LTS / cyrus-sasl2

Package

Name
cyrus-sasl2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.25.dfsg1-17ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "libsasl2-modules-otp": "2.1.25.dfsg1-17ubuntu0.1~esm1",
            "libsasl2-2": "2.1.25.dfsg1-17ubuntu0.1~esm1",
            "libsasl2-modules-gssapi-heimdal": "2.1.25.dfsg1-17ubuntu0.1~esm1",
            "sasl2-bin": "2.1.25.dfsg1-17ubuntu0.1~esm1",
            "libsasl2-modules-db": "2.1.25.dfsg1-17ubuntu0.1~esm1",
            "libsasl2-modules": "2.1.25.dfsg1-17ubuntu0.1~esm1",
            "cyrus-sasl2-doc": "2.1.25.dfsg1-17ubuntu0.1~esm1",
            "libsasl2-modules-gssapi-mit": "2.1.25.dfsg1-17ubuntu0.1~esm1",
            "libsasl2-modules-sql": "2.1.25.dfsg1-17ubuntu0.1~esm1",
            "libsasl2-dev": "2.1.25.dfsg1-17ubuntu0.1~esm1",
            "libsasl2-modules-ldap": "2.1.25.dfsg1-17ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:18.04:LTS / cyrus-sasl2

Package

Name
cyrus-sasl2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.27~101-g0780600+dfsg-3ubuntu2.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "libsasl2-modules-otp": "2.1.27~101-g0780600+dfsg-3ubuntu2.1",
            "libsasl2-2": "2.1.27~101-g0780600+dfsg-3ubuntu2.1",
            "libsasl2-modules-gssapi-heimdal": "2.1.27~101-g0780600+dfsg-3ubuntu2.1",
            "sasl2-bin": "2.1.27~101-g0780600+dfsg-3ubuntu2.1",
            "libsasl2-modules-db": "2.1.27~101-g0780600+dfsg-3ubuntu2.1",
            "libsasl2-modules": "2.1.27~101-g0780600+dfsg-3ubuntu2.1",
            "cyrus-sasl2-doc": "2.1.27~101-g0780600+dfsg-3ubuntu2.1",
            "libsasl2-modules-gssapi-mit": "2.1.27~101-g0780600+dfsg-3ubuntu2.1",
            "libsasl2-modules-sql": "2.1.27~101-g0780600+dfsg-3ubuntu2.1",
            "libsasl2-dev": "2.1.27~101-g0780600+dfsg-3ubuntu2.1",
            "libsasl2-modules-ldap": "2.1.27~101-g0780600+dfsg-3ubuntu2.1"
        }
    ]
}

Ubuntu:16.04:LTS / cyrus-sasl2

Package

Name
cyrus-sasl2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.26.dfsg1-14ubuntu0.2

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "libsasl2-modules-otp": "2.1.26.dfsg1-14ubuntu0.2",
            "libsasl2-2": "2.1.26.dfsg1-14ubuntu0.2",
            "libsasl2-modules-gssapi-heimdal": "2.1.26.dfsg1-14ubuntu0.2",
            "sasl2-bin": "2.1.26.dfsg1-14ubuntu0.2",
            "libsasl2-modules-db": "2.1.26.dfsg1-14ubuntu0.2",
            "libsasl2-modules": "2.1.26.dfsg1-14ubuntu0.2",
            "cyrus-sasl2-doc": "2.1.26.dfsg1-14ubuntu0.2",
            "libsasl2-modules-gssapi-mit": "2.1.26.dfsg1-14ubuntu0.2",
            "libsasl2-modules-sql": "2.1.26.dfsg1-14ubuntu0.2",
            "libsasl2-dev": "2.1.26.dfsg1-14ubuntu0.2",
            "libsasl2-modules-ldap": "2.1.26.dfsg1-14ubuntu0.2"
        }
    ]
}