{"schema_version":"1.7.2","id":"OESA-2024-1444","modified":"2024-04-12T11:07:43Z","published":"2024-04-12T11:07:43Z","upstream":["CVE-2022-2469"],"summary":"libgsasl security update","details":"The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms.\r\n\r\nSecurity Fix(es):\r\n\r\nGNU SASL libgsasl: server-side out-of-bounds read triggered by a malicious authenticated GSS-API client (CVE-2022-2469)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"libgsasl","purl":"pkg:rpm/openEuler/libgsasl\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.1-2.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["libgsasl-debugsource-1.8.1-2.oe2203sp1.aarch64.rpm","libgsasl-devel-1.8.1-2.oe2203sp1.aarch64.rpm","libgsasl-debuginfo-1.8.1-2.oe2203sp1.aarch64.rpm","libgsasl-1.8.1-2.oe2203sp1.aarch64.rpm"],"src":["libgsasl-1.8.1-2.oe2203sp1.src.rpm"],"x86_64":["libgsasl-1.8.1-2.oe2203sp1.x86_64.rpm","libgsasl-debuginfo-1.8.1-2.oe2203sp1.x86_64.rpm","libgsasl-debugsource-1.8.1-2.oe2203sp1.x86_64.rpm","libgsasl-devel-1.8.1-2.oe2203sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1444"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2469"}],"database_specific":{"severity":"High"}}