Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 703628 (CVE-2019-19906) - <dev-libs/cyrus-sasl-2.1.27-r3: off-by-one error in _sasl_add_string in common.c (CVE-2019-19906)
Summary: <dev-libs/cyrus-sasl-2.1.27-r3: off-by-one error in _sasl_add_string in commo...
Status: RESOLVED FIXED
Alias: CVE-2019-19906
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-23 21:31 UTC by GLSAMaker/CVETool Bot
Modified: 2020-05-04 01:19 UTC (History)
0 users

See Also:
Package list:
dev-libs/cyrus-sasl-2.1.27-r3
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-12-23 21:31:36 UTC 
CVE-2019-19906 (https://nvd.nist.gov/vuln/detail/CVE-2019-19906):
  cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to
  unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP
  packet. The OpenLDAP crash is ultimately caused by an off-by-one error in
  _sasl_add_string in common.c in cyrus-sasl.
Comment 1 Larry the Git Cow gentoo-dev 2019-12-23 21:41:50 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ec41e92e4aec19aa605f5d410ba06cc86e7b48f0

commit ec41e92e4aec19aa605f5d410ba06cc86e7b48f0
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-12-23 21:34:38 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-12-23 21:34:54 +0000

    dev-libs/cyrus-sasl: fix CVE-2019-19906
    
    Bug: https://bugs.gentoo.org/703628
    Package-Manager: Portage-2.3.82, Repoman-2.3.20
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r3.ebuild    | 259 +++++++++++++++++++++
 .../files/cyrus-sasl-2.1.27-CVE-2019-19906.patch   |  20 ++
 2 files changed, 279 insertions(+)
Comment 2 Agostino Sarubbo gentoo-dev 2019-12-24 10:56:38 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2019-12-24 11:09:55 UTC 
x86 stable
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-12-24 14:35:06 UTC 
arm stable
Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev 2019-12-25 21:06:13 UTC 
hppa/ia64 stable
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2019-12-25 21:12:18 UTC 
arm64 stable
Comment 7 Rolf Eike Beer archtester 2019-12-26 10:10:59 UTC 
sparc stable
Comment 8 Agostino Sarubbo gentoo-dev 2019-12-30 16:13:45 UTC 
ppc stable
Comment 9 Agostino Sarubbo gentoo-dev 2019-12-31 08:18:52 UTC 
ppc64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2020-01-03 12:31:06 UTC 
s390 stable
Comment 11 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-19 04:43:04 UTC 
@sh: ping
Comment 12 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-03-26 14:08:22 UTC 
SuperH port disbanded.
Comment 13 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-26 18:13:33 UTC 
@maintainer(s), please cleanup by dropping vulnerable version 2.1.27-r2 now that sh has been dropped.
Comment 14 NATTkA bot gentoo-dev 2020-04-06 14:59:50 UTC 
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Comment 15 Larry the Git Cow gentoo-dev 2020-04-10 10:30:20 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83563a05b16a5987e79fe16af030bc0332933d04

commit 83563a05b16a5987e79fe16af030bc0332933d04
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-04-09 03:29:52 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-04-10 10:30:03 +0000

    dev-libs/cyrus-sasl: drop vulnerable
    
    Bug: https://bugs.gentoo.org/703628
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Closes: https://github.com/gentoo/gentoo/pull/15271
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r2.ebuild | 259 ------------------------
 1 file changed, 259 deletions(-)
Comment 16 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-10 10:54:53 UTC 
Cleanup done. Adding [cve] because the bot filed this.