drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in cyrus-sasl
Name: |
Denial of Service in cyrus-sasl |
|
ID: |
RHSA-2020:4497-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Enterprise Linux |
|
Datum: |
Mi, 4. November 2020, 10:59 |
|
Referenzen: |
https://access.redhat.com/security/cve/CVE-2019-19906 |
|
Applikationen: |
Cyrus SASL |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: cyrus-sasl security, bug fix, and enhancement update Advisory ID: RHSA-2020:4497-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4497 Issue date: 2020-11-03 CVE Names: CVE-2019-19906 =====================================================================
1. Summary:
An update for cyrus-sasl is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer (SASL). SASL is a method for adding authentication support to connection-based protocols.
Security Fix(es):
* cyrus-sasl: denial of service in _sasl_add_string function (CVE-2019-19906)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1791854 - CVE-2019-19906 cyrus-sasl: denial of service in _sasl_add_string function 1817054 - RFE: support for Channel Bindings in SASL/GSSAPI 1822133 - Fix GSS-SPNEGO in TLS with maxssf=0 to work against Windows servers
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
aarch64: cyrus-sasl-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-debugsource-2.1.27-5.el8.aarch64.rpm cyrus-sasl-devel-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-gs2-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-gssapi-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-ldap-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-lib-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-md5-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-ntlm-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-plain-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-scram-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-sql-2.1.27-5.el8.aarch64.rpm cyrus-sasl-sql-debuginfo-2.1.27-5.el8.aarch64.rpm
ppc64le: cyrus-sasl-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-debugsource-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-devel-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-gs2-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-gssapi-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-ldap-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-lib-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-md5-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-ntlm-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-plain-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-scram-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-sql-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-sql-debuginfo-2.1.27-5.el8.ppc64le.rpm
s390x: cyrus-sasl-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-debugsource-2.1.27-5.el8.s390x.rpm cyrus-sasl-devel-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-gs2-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-gssapi-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-ldap-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-lib-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-md5-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-ntlm-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-plain-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-scram-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-sql-2.1.27-5.el8.s390x.rpm cyrus-sasl-sql-debuginfo-2.1.27-5.el8.s390x.rpm
x86_64: cyrus-sasl-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-debugsource-2.1.27-5.el8.i686.rpm cyrus-sasl-debugsource-2.1.27-5.el8.x86_64.rpm cyrus-sasl-devel-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-devel-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-gs2-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-gs2-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-gssapi-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-gssapi-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-ldap-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-ldap-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-lib-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-lib-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-md5-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-md5-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-ntlm-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-ntlm-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-plain-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-plain-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-scram-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-scram-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-sql-2.1.27-5.el8.i686.rpm cyrus-sasl-sql-2.1.27-5.el8.x86_64.rpm cyrus-sasl-sql-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-sql-debuginfo-2.1.27-5.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source: cyrus-sasl-2.1.27-5.el8.src.rpm
aarch64: cyrus-sasl-2.1.27-5.el8.aarch64.rpm cyrus-sasl-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-debugsource-2.1.27-5.el8.aarch64.rpm cyrus-sasl-devel-2.1.27-5.el8.aarch64.rpm cyrus-sasl-devel-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-gs2-2.1.27-5.el8.aarch64.rpm cyrus-sasl-gs2-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-gssapi-2.1.27-5.el8.aarch64.rpm cyrus-sasl-gssapi-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-ldap-2.1.27-5.el8.aarch64.rpm cyrus-sasl-ldap-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-lib-2.1.27-5.el8.aarch64.rpm cyrus-sasl-lib-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-md5-2.1.27-5.el8.aarch64.rpm cyrus-sasl-md5-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-ntlm-2.1.27-5.el8.aarch64.rpm cyrus-sasl-ntlm-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-plain-2.1.27-5.el8.aarch64.rpm cyrus-sasl-plain-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-scram-2.1.27-5.el8.aarch64.rpm cyrus-sasl-scram-debuginfo-2.1.27-5.el8.aarch64.rpm cyrus-sasl-sql-debuginfo-2.1.27-5.el8.aarch64.rpm
ppc64le: cyrus-sasl-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-debugsource-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-devel-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-devel-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-gs2-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-gs2-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-gssapi-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-gssapi-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-ldap-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-ldap-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-lib-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-lib-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-md5-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-md5-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-ntlm-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-ntlm-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-plain-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-plain-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-scram-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-scram-debuginfo-2.1.27-5.el8.ppc64le.rpm cyrus-sasl-sql-debuginfo-2.1.27-5.el8.ppc64le.rpm
s390x: cyrus-sasl-2.1.27-5.el8.s390x.rpm cyrus-sasl-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-debugsource-2.1.27-5.el8.s390x.rpm cyrus-sasl-devel-2.1.27-5.el8.s390x.rpm cyrus-sasl-devel-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-gs2-2.1.27-5.el8.s390x.rpm cyrus-sasl-gs2-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-gssapi-2.1.27-5.el8.s390x.rpm cyrus-sasl-gssapi-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-ldap-2.1.27-5.el8.s390x.rpm cyrus-sasl-ldap-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-lib-2.1.27-5.el8.s390x.rpm cyrus-sasl-lib-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-md5-2.1.27-5.el8.s390x.rpm cyrus-sasl-md5-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-ntlm-2.1.27-5.el8.s390x.rpm cyrus-sasl-ntlm-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-plain-2.1.27-5.el8.s390x.rpm cyrus-sasl-plain-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-scram-2.1.27-5.el8.s390x.rpm cyrus-sasl-scram-debuginfo-2.1.27-5.el8.s390x.rpm cyrus-sasl-sql-debuginfo-2.1.27-5.el8.s390x.rpm
x86_64: cyrus-sasl-2.1.27-5.el8.i686.rpm cyrus-sasl-2.1.27-5.el8.x86_64.rpm cyrus-sasl-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-debugsource-2.1.27-5.el8.i686.rpm cyrus-sasl-debugsource-2.1.27-5.el8.x86_64.rpm cyrus-sasl-devel-2.1.27-5.el8.i686.rpm cyrus-sasl-devel-2.1.27-5.el8.x86_64.rpm cyrus-sasl-devel-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-devel-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-gs2-2.1.27-5.el8.i686.rpm cyrus-sasl-gs2-2.1.27-5.el8.x86_64.rpm cyrus-sasl-gs2-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-gs2-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-gssapi-2.1.27-5.el8.i686.rpm cyrus-sasl-gssapi-2.1.27-5.el8.x86_64.rpm cyrus-sasl-gssapi-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-gssapi-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-ldap-2.1.27-5.el8.i686.rpm cyrus-sasl-ldap-2.1.27-5.el8.x86_64.rpm cyrus-sasl-ldap-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-ldap-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-lib-2.1.27-5.el8.i686.rpm cyrus-sasl-lib-2.1.27-5.el8.x86_64.rpm cyrus-sasl-lib-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-lib-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-md5-2.1.27-5.el8.i686.rpm cyrus-sasl-md5-2.1.27-5.el8.x86_64.rpm cyrus-sasl-md5-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-md5-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-ntlm-2.1.27-5.el8.i686.rpm cyrus-sasl-ntlm-2.1.27-5.el8.x86_64.rpm cyrus-sasl-ntlm-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-ntlm-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-plain-2.1.27-5.el8.i686.rpm cyrus-sasl-plain-2.1.27-5.el8.x86_64.rpm cyrus-sasl-plain-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-plain-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-scram-2.1.27-5.el8.i686.rpm cyrus-sasl-scram-2.1.27-5.el8.x86_64.rpm cyrus-sasl-scram-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-scram-debuginfo-2.1.27-5.el8.x86_64.rpm cyrus-sasl-sql-debuginfo-2.1.27-5.el8.i686.rpm cyrus-sasl-sql-debuginfo-2.1.27-5.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX6IyudzjgjWX9erEAQiCchAAk9UcA1A60Ye4AUEN/OmG2f6Hy5r+SmzR 0YAj08OcsXQytuhblmMueb3qqPdm6nidIWDm9TLV+R5v599FHRJL+idM8ltQILXu py3GpKJpAkr2Z8dtnPjDw3Mn9/vO9DEjaBecDj+Bnwa6oGA4yb2JPHGdyxxITH9z PaMZVzfFzROptye6EHv3NfZ4Ci4Tlk2wnJtvuvdffyvq+uMvTwDktyshmZNAXfeu O/YHZaGjcnSG7g481s5wlD7aQFgMqN/re9GI5N5Ub6x4Ah13HfrEJ+FgDbu7S5yJ wsnOICbyCP7omRaz9BUE8tHKv4+1tInH1grpys/OwSEhrddJajeaRVjst1Se1Dtt WKzSnFbXJn+pM9BvNrU532rTszyuCbbTPOTfABE6TNiDeLilX8Ehs92zqyJfP9WI 7BFywYyVhZ1itG6wDQ2si8qzrzA4+tSHyGnFDyFJF+tjlBd/NCEwsAsEAzDzGoHl akWbqxzDNtfJHM8Mlv1AB4omVQcxIJU+BN+gGEt6ibNzUqFxK1b6Vc/EUEhOv6fs omHD+rfpJIidV+4K9GWiH8wGuvh+Glgwe0NtyQZYzBVXay/CH7GMeaK+z3JAeVFp 9DKKJARpaxoXy+uzaIREOSApq/0zzZbD+zvqV7aUPsGpNEgY+5ZZjRy0NoX3qkY4 J9dasIlxe08= =/h9c -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
|
|
|
|