ELA-203-1 cyrus-sasl2 security update
Package cyrus-sasl2
Version 2.1.25.dfsg1-6+deb7u2
Related CVE CVE-2019-19906
There has been an out-of-bounds write in Cyrus SASL leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash was ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
For Debian 7 Wheezy, these problems have been fixed in version 2.1.25.dfsg1-6+deb7u2.
We recommend that you upgrade your cyrus-sasl2 packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
A cyrus-sasl2 security update has been released for Debian GNU/Linux 7 Extended LTS