| Package | cyrus-sasl2 |
|---|---|
| Version | 2.1.26.dfsg1-13+deb8u3 |
| Related CVEs | CVE-2022-24407 |
It was discovered that the SQL plugin in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer, is prone to a SQL injection attack. An authenticated remote attacker can take advantage of this flaw to execute arbitrary SQL commands and for privilege escalation.
For Debian 8 jessie, these problems have been fixed in version 2.1.26.dfsg1-13+deb8u3.
We recommend that you upgrade your cyrus-sasl2 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.