Errata ID | 628 |
---|---|
Date | 2020-01-15 |
Source package | cyrus-sasl2 |
Fixed in version | 2.1.27~101-g0780600+dfsg-3+deb9u1 |
Description | This update addresses the following issue: Cyrus SASL has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. (CVE-2019-19906) |
Additional notes | |
CVE ID | CVE-2019-19906 |
UCS Bug number | #50680 |