Release Info

Advisory: CLSA-2022:1646061262

OS: Ubuntu 16.04 ELS

Public date: 2022-02-28 00:00:00

Project: cyrus-sasl2

Version: 2.1.26.dfsg1-14ubuntu0.2+tuxcare.els1

Errata link: https://errata.cloudlinux.com/ubuntu16-els/CLSA-2022-1646061262.html

Changelog

* SECURITY UPDATE: SQL injection in SQL plugin
  - debian/patches/CVE-2022-24407.patch: escape password for SQL insert/update commands in plugins/sql.c.
  - CVE-2022-24407

Update

Update command:

apt-get update
apt-get --only-upgrade install cyrus-sasl*

Packages list

cyrus-sasl2-doc_2.1.26.dfsg1-14ubuntu0.2+tuxcare.els1_all.deb
libsasl2-2_2.1.26.dfsg1-14ubuntu0.2+tuxcare.els1_amd64.deb
libsasl2-dev_2.1.26.dfsg1-14ubuntu0.2+tuxcare.els1_amd64.deb
libsasl2-modules_2.1.26.dfsg1-14ubuntu0.2+tuxcare.els1_amd64.deb
libsasl2-modules-db_2.1.26.dfsg1-14ubuntu0.2+tuxcare.els1_amd64.deb
libsasl2-modules-gssapi-heimdal_2.1.26.dfsg1-14ubuntu0.2+tuxcare.els1_amd64.deb
libsasl2-modules-gssapi-mit_2.1.26.dfsg1-14ubuntu0.2+tuxcare.els1_amd64.deb
libsasl2-modules-ldap_2.1.26.dfsg1-14ubuntu0.2+tuxcare.els1_amd64.deb
libsasl2-modules-otp_2.1.26.dfsg1-14ubuntu0.2+tuxcare.els1_amd64.deb
libsasl2-modules-sql_2.1.26.dfsg1-14ubuntu0.2+tuxcare.els1_amd64.deb
sasl2-bin_2.1.26.dfsg1-14ubuntu0.2+tuxcare.els1_amd64.deb

CVEs

CVE-2022-24407