Errata overview
Errata ID 628
Date 2020-01-15
Source package cyrus-sasl2
Fixed in version 2.1.27~101-g0780600+dfsg-3+deb9u1
This update addresses the following issue:
* Cyrus SASL has an out-of-bounds write leading to unauthenticated remote
  denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP
  crash is ultimately caused by an off-by-one error in _sasl_add_string in
  common.c in cyrus-sasl. (CVE-2019-19906)
Additional notes
CVE ID CVE-2019-19906
UCS Bug number #50680