Vulmon
Amazon Linux 2022 Security Advisory: ALAS-2022-035
Advisory Release Date: 2022-03-07 23:57 Pacific
Advisory Updated Date: 2022-03-08 17:50 Pacific
Severity:
Important
References:
CVE-2022-24407
Issue Overview:
A flaw was found in the SQL plugin shipped with Cyrus SASL. Failure to properly escape the SQL input allows a remote attacker to execute arbitrary SQL commands. This issue can lead to the escalation of privileges. (CVE-2022-24407)
Affected Packages:
cyrus-sasl
Issue Correction:
Run dnf update --releasever=2022.0.20220308 cyrus-sasl to update your system.
New Packages:
aarch64:
cyrus-sasl-debugsource-2.1.27-9.amzn2022.aarch64
cyrus-sasl-sql-debuginfo-2.1.27-9.amzn2022.aarch64
cyrus-sasl-sql-2.1.27-9.amzn2022.aarch64
cyrus-sasl-plain-2.1.27-9.amzn2022.aarch64
cyrus-sasl-ntlm-debuginfo-2.1.27-9.amzn2022.aarch64
cyrus-sasl-md5-debuginfo-2.1.27-9.amzn2022.aarch64
cyrus-sasl-ntlm-2.1.27-9.amzn2022.aarch64
cyrus-sasl-scram-2.1.27-9.amzn2022.aarch64
cyrus-sasl-md5-2.1.27-9.amzn2022.aarch64
cyrus-sasl-ldap-debuginfo-2.1.27-9.amzn2022.aarch64
cyrus-sasl-ldap-2.1.27-9.amzn2022.aarch64
cyrus-sasl-gs2-debuginfo-2.1.27-9.amzn2022.aarch64
cyrus-sasl-gs2-2.1.27-9.amzn2022.aarch64
cyrus-sasl-gssapi-2.1.27-9.amzn2022.aarch64
cyrus-sasl-scram-debuginfo-2.1.27-9.amzn2022.aarch64
cyrus-sasl-plain-debuginfo-2.1.27-9.amzn2022.aarch64
cyrus-sasl-debuginfo-2.1.27-9.amzn2022.aarch64
cyrus-sasl-gssapi-debuginfo-2.1.27-9.amzn2022.aarch64
cyrus-sasl-devel-2.1.27-9.amzn2022.aarch64
cyrus-sasl-devel-debuginfo-2.1.27-9.amzn2022.aarch64
cyrus-sasl-2.1.27-9.amzn2022.aarch64
cyrus-sasl-lib-debuginfo-2.1.27-9.amzn2022.aarch64
cyrus-sasl-lib-2.1.27-9.amzn2022.aarch64
i686:
cyrus-sasl-debugsource-2.1.27-9.amzn2022.i686
cyrus-sasl-lib-debuginfo-2.1.27-9.amzn2022.i686
cyrus-sasl-debuginfo-2.1.27-9.amzn2022.i686
cyrus-sasl-lib-2.1.27-9.amzn2022.i686
cyrus-sasl-devel-2.1.27-9.amzn2022.i686
cyrus-sasl-md5-debuginfo-2.1.27-9.amzn2022.i686
cyrus-sasl-2.1.27-9.amzn2022.i686
cyrus-sasl-ntlm-debuginfo-2.1.27-9.amzn2022.i686
cyrus-sasl-plain-debuginfo-2.1.27-9.amzn2022.i686
cyrus-sasl-devel-debuginfo-2.1.27-9.amzn2022.i686
cyrus-sasl-md5-2.1.27-9.amzn2022.i686
cyrus-sasl-sql-debuginfo-2.1.27-9.amzn2022.i686
cyrus-sasl-scram-debuginfo-2.1.27-9.amzn2022.i686
cyrus-sasl-gs2-debuginfo-2.1.27-9.amzn2022.i686
cyrus-sasl-gssapi-debuginfo-2.1.27-9.amzn2022.i686
cyrus-sasl-ldap-debuginfo-2.1.27-9.amzn2022.i686
cyrus-sasl-plain-2.1.27-9.amzn2022.i686
cyrus-sasl-gssapi-2.1.27-9.amzn2022.i686
cyrus-sasl-scram-2.1.27-9.amzn2022.i686
cyrus-sasl-gs2-2.1.27-9.amzn2022.i686
cyrus-sasl-ntlm-2.1.27-9.amzn2022.i686
cyrus-sasl-sql-2.1.27-9.amzn2022.i686
cyrus-sasl-ldap-2.1.27-9.amzn2022.i686
src:
cyrus-sasl-2.1.27-9.amzn2022.src
x86_64:
cyrus-sasl-debuginfo-2.1.27-9.amzn2022.x86_64
cyrus-sasl-debugsource-2.1.27-9.amzn2022.x86_64
cyrus-sasl-ntlm-debuginfo-2.1.27-9.amzn2022.x86_64
cyrus-sasl-plain-debuginfo-2.1.27-9.amzn2022.x86_64
cyrus-sasl-gssapi-2.1.27-9.amzn2022.x86_64
cyrus-sasl-md5-debuginfo-2.1.27-9.amzn2022.x86_64
cyrus-sasl-ldap-debuginfo-2.1.27-9.amzn2022.x86_64
cyrus-sasl-devel-2.1.27-9.amzn2022.x86_64
cyrus-sasl-gssapi-debuginfo-2.1.27-9.amzn2022.x86_64
cyrus-sasl-plain-2.1.27-9.amzn2022.x86_64
cyrus-sasl-lib-2.1.27-9.amzn2022.x86_64
cyrus-sasl-scram-debuginfo-2.1.27-9.amzn2022.x86_64
cyrus-sasl-gs2-debuginfo-2.1.27-9.amzn2022.x86_64
cyrus-sasl-sql-debuginfo-2.1.27-9.amzn2022.x86_64
cyrus-sasl-gs2-2.1.27-9.amzn2022.x86_64
cyrus-sasl-ldap-2.1.27-9.amzn2022.x86_64
cyrus-sasl-sql-2.1.27-9.amzn2022.x86_64
cyrus-sasl-scram-2.1.27-9.amzn2022.x86_64
cyrus-sasl-lib-debuginfo-2.1.27-9.amzn2022.x86_64
cyrus-sasl-md5-2.1.27-9.amzn2022.x86_64
cyrus-sasl-2.1.27-9.amzn2022.x86_64
cyrus-sasl-ntlm-2.1.27-9.amzn2022.x86_64
cyrus-sasl-devel-debuginfo-2.1.27-9.amzn2022.x86_64