{"schema_version":"1.7.2","id":"OESA-2022-1557","modified":"2022-03-07T11:03:35Z","published":"2022-03-07T11:03:35Z","upstream":["CVE-2022-24407"],"summary":"cyrus-sasl security update","details":"The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. (CVE-2022-24407)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"cyrus-sasl","purl":"pkg:rpm/openEuler/cyrus-sasl\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.27-12.oe1"}]}],"ecosystem_specific":{"aarch64":["cyrus-sasl-debugsource-2.1.27-12.oe1.aarch64.rpm","cyrus-sasl-md5-2.1.27-12.oe1.aarch64.rpm","cyrus-sasl-devel-2.1.27-12.oe1.aarch64.rpm","cyrus-sasl-gs2-2.1.27-12.oe1.aarch64.rpm","cyrus-sasl-ldap-2.1.27-12.oe1.aarch64.rpm","cyrus-sasl-sql-2.1.27-12.oe1.aarch64.rpm","cyrus-sasl-ntlm-2.1.27-12.oe1.aarch64.rpm","cyrus-sasl-gssapi-2.1.27-12.oe1.aarch64.rpm","cyrus-sasl-debuginfo-2.1.27-12.oe1.aarch64.rpm","cyrus-sasl-lib-2.1.27-12.oe1.aarch64.rpm","cyrus-sasl-plain-2.1.27-12.oe1.aarch64.rpm","cyrus-sasl-scram-2.1.27-12.oe1.aarch64.rpm","cyrus-sasl-2.1.27-12.oe1.aarch64.rpm"],"noarch":["cyrus-sasl-help-2.1.27-12.oe1.noarch.rpm"],"src":["cyrus-sasl-2.1.27-12.oe1.src.rpm"],"x86_64":["cyrus-sasl-gs2-2.1.27-12.oe1.x86_64.rpm","cyrus-sasl-devel-2.1.27-12.oe1.x86_64.rpm","cyrus-sasl-2.1.27-12.oe1.x86_64.rpm","cyrus-sasl-ntlm-2.1.27-12.oe1.x86_64.rpm","cyrus-sasl-lib-2.1.27-12.oe1.x86_64.rpm","cyrus-sasl-plain-2.1.27-12.oe1.x86_64.rpm","cyrus-sasl-sql-2.1.27-12.oe1.x86_64.rpm","cyrus-sasl-gssapi-2.1.27-12.oe1.x86_64.rpm","cyrus-sasl-md5-2.1.27-12.oe1.x86_64.rpm","cyrus-sasl-ldap-2.1.27-12.oe1.x86_64.rpm","cyrus-sasl-scram-2.1.27-12.oe1.x86_64.rpm","cy
rus-sasl-debuginfo-2.1.27-12.oe1.x86_64.rpm","cyrus-sasl-debugsource-2.1.27-12.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP2","name":"cyrus-sasl","purl":"pkg:rpm/openEuler/cyrus-sasl\u0026distro=openEuler-20.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.27-14.oe1"}]}],"ecosystem_specific":{"aarch64":["cyrus-sasl-devel-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-scram-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-ldap-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-ntlm-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-gs2-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-debuginfo-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-plain-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-sql-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-lib-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-md5-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-debugsource-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-gssapi-2.1.27-14.oe1.aarch64.rpm"],"noarch":["cyrus-sasl-help-2.1.27-14.oe1.noarch.rpm"],"src":["cyrus-sasl-2.1.27-14.oe1.src.rpm"],"x86_64":["cyrus-sasl-gs2-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-ntlm-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-debuginfo-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-sql-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-scram-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-plain-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-devel-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-debugsource-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-gssapi-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-ldap-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-lib-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-md5-2.1.27-14.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"cyrus-sasl","purl":"pkg:rpm/openEuler/cyrus-sasl\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.27-14.oe1"}]}],"ecosystem_specific":{"aarch64":["cyrus-sasl-gs2-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-gssapi-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-2.1.27-14.o
e1.aarch64.rpm","cyrus-sasl-plain-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-debuginfo-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-debugsource-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-ntlm-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-scram-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-devel-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-ldap-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-sql-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-md5-2.1.27-14.oe1.aarch64.rpm","cyrus-sasl-lib-2.1.27-14.oe1.aarch64.rpm"],"noarch":["cyrus-sasl-help-2.1.27-14.oe1.noarch.rpm"],"src":["cyrus-sasl-2.1.27-14.oe1.src.rpm"],"x86_64":["cyrus-sasl-ntlm-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-devel-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-debugsource-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-plain-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-sql-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-gs2-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-debuginfo-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-gssapi-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-md5-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-scram-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-ldap-2.1.27-14.oe1.x86_64.rpm","cyrus-sasl-lib-2.1.27-14.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1557"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24407"}],"database_specific":{"severity":"Critical"}}