Bug 703628 (CVE-2019-19906)

Summary:	<dev-libs/cyrus-sasl-2.1.27-r3: off-by-one error in _sasl_add_string in common.c (CVE-2019-19906)
Product:	Gentoo Security	Reporter:	GLSAMaker/CVETool Bot <glsamaker>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
See Also:	https://github.com/gentoo/gentoo/pull/15271
Whiteboard:	B3 [noglsa cve]
Package list:	dev-libs/cyrus-sasl-2.1.27-r3	Runtime testing required:	---

Description GLSAMaker/CVETool Bot gentoo-dev

2019-12-23 21:31:36 UTC

CVE-2019-19906 (https://nvd.nist.gov/vuln/detail/CVE-2019-19906):
  cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to
  unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP
  packet. The OpenLDAP crash is ultimately caused by an off-by-one error in
  _sasl_add_string in common.c in cyrus-sasl.

Comment 1 Larry the Git Cow gentoo-dev

2019-12-23 21:41:50 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ec41e92e4aec19aa605f5d410ba06cc86e7b48f0

commit ec41e92e4aec19aa605f5d410ba06cc86e7b48f0
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-12-23 21:34:38 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-12-23 21:34:54 +0000

    dev-libs/cyrus-sasl: fix CVE-2019-19906
    
    Bug: https://bugs.gentoo.org/703628
    Package-Manager: Portage-2.3.82, Repoman-2.3.20
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r3.ebuild    | 259 +++++++++++++++++++++
 .../files/cyrus-sasl-2.1.27-CVE-2019-19906.patch   |  20 ++
 2 files changed, 279 insertions(+)

Comment 2 Agostino Sarubbo gentoo-dev

2019-12-24 10:56:38 UTC

amd64 stable

Comment 3 Agostino Sarubbo gentoo-dev

2019-12-24 11:09:55 UTC

x86 stable

Comment 4 Mikle Kolyada (RETIRED) archtester

2019-12-24 14:35:06 UTC

arm stable

Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev

2019-12-25 21:06:13 UTC

hppa/ia64 stable

Comment 6 Aaron Bauman (RETIRED) gentoo-dev

2019-12-25 21:12:18 UTC

arm64 stable

Comment 7 Rolf Eike Beer archtester

2019-12-26 10:10:59 UTC

sparc stable

Comment 8 Agostino Sarubbo gentoo-dev

2019-12-30 16:13:45 UTC

ppc stable

Comment 9 Agostino Sarubbo gentoo-dev

2019-12-31 08:18:52 UTC

ppc64 stable

Comment 10 Agostino Sarubbo gentoo-dev

2020-01-03 12:31:06 UTC

s390 stable

Comment 11 Sam James archtester

2020-03-19 04:43:04 UTC

@sh: ping

Comment 12 Mikle Kolyada (RETIRED) archtester

2020-03-26 14:08:22 UTC

SuperH port disbanded.

Comment 13 Sam James archtester

2020-03-26 18:13:33 UTC

@maintainer(s), please cleanup by dropping vulnerable version 2.1.27-r2 now that sh has been dropped.

Comment 14 NATTkA bot gentoo-dev

2020-04-06 14:59:50 UTC

Resetting sanity check; keywords are not fully specified and arches are not CC-ed.

Comment 15 Larry the Git Cow gentoo-dev

2020-04-10 10:30:20 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83563a05b16a5987e79fe16af030bc0332933d04

commit 83563a05b16a5987e79fe16af030bc0332933d04
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-04-09 03:29:52 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-04-10 10:30:03 +0000

    dev-libs/cyrus-sasl: drop vulnerable
    
    Bug: https://bugs.gentoo.org/703628
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Closes: https://github.com/gentoo/gentoo/pull/15271
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-libs/cyrus-sasl/cyrus-sasl-2.1.27-r2.ebuild | 259 ------------------------
 1 file changed, 259 deletions(-)

Comment 16 Sam James archtester

2020-04-10 10:54:53 UTC

Cleanup done. Adding [cve] because the bot filed this.