|
|
Log in / Subscribe / Register

Ubuntu alert USN-8356-1 (gsasl)



From:
              noreply+usn-bot--- via ubuntu-security-announce <ubuntu-security-announce@lists.ubuntu.com>


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-8356-1] GNU SASL vulnerability


Date:
              Mon, 01 Jun 2026 18:06:43 +0000


Message-ID:
              <E1wU72B-0000Mn-De@lists.ubuntu.com>


Cc:
              noreply+usn-bot@canonical.com


==========================================================================
Ubuntu Security Notice USN-8356-1
June 01, 2026

gsasl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS

Summary:

GNU SASL could be made to crash if it received specially crafted input.

Software Description:
- gsasl: Simple Authentication and Security Layer framework

Details:

It was discovered that GNU SASL did not properly handle certain DIGEST-MD5
tokens. An attacker could possibly use this issue to cause GNU SASL to
crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  gsasl                           2.2.2-4ubuntu1.1
  libgsasl18                      2.2.2-4ubuntu1.1

Ubuntu 25.10
  gsasl                           2.2.2-2ubuntu1.1
  libgsasl18                      2.2.2-2ubuntu1.1

Ubuntu 24.04 LTS
  gsasl                           2.2.1-1willsync1ubuntu0.1
  libgsasl18                      2.2.1-1willsync1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8356-1
  CVE-2026-48829

Package Information:
  https://launchpad.net/ubuntu/+source/gsasl/2.2.2-4ubuntu1.1
  https://launchpad.net/ubuntu/+source/gsasl/2.2.2-2ubuntu1.1
  https://launchpad.net/ubuntu/+source/gsasl/2.2.1-1willsyn...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmodxg0ACgkQcpJm3tlz
hgEFew//Vyc7XYfwnocZcEJODUD1esdxsZ46UB4WWXtYh3/SGzXKWBgp0P8VNQzX
pKc/TAd5OFyt/n5+3Aj+P0209brq0CHG1VWl03qXbR93oWSK7miX3+ZurcAaDAJv
rPwdutfKK54Yk4uVF0L2cJpRBtq4lVx5V/2wkogRgdH4h6Y2MTclZTUo8TF99rB/
6UFSw00RxRYuF+pTh0jmj8y78w0RydQu8Kt1meBZzFcdv0OcMa67+MtJ+Oy0nXag
qn3yzqZKCpBV1PywOMt1TIAI6vQGOc2s+UZ4bQMIVWACdG4xLHrhlpTSI12vy3mn
oXwN1m8Y8HHFwAEW2BxdMSnEHkFJy7tdAxRpgZjL58CcRMhztX0/GgEdtnorp/IB
ah5xcnal8X0GBotQMv4d4Y/O20W2+/5zvp2VQ37tb3U4vpRDjg/Bfysr8B1MZdaU
hAzLt7q3JVDn+YXCA8L5VUR/aQhpN7aWYfsmvZGOIlBPjf19UH15wvt3IiZnGDOn
cVaOJdBueMrvb623gTSLrYtPQEYNbVNmNlqwZR3fFOwXaOugqC00WK8B8lV5DL8i
FLkCT4ocnOx7oYXZ0YRLkbm6ZDdoEnZc/VN41CwHT3CVh6a44JQ+1DRp7n6+1o8A
75iQXnY6Q1UQq60wb97+CtodqvfNaZpgjswlgHLzrf8ORmdfUUk=
=rpsa
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds