Security update for libgsasl

Announcement ID:	SUSE-SU-2022:3561-1
Rating:	moderate
References:	bsc#1201715
Cross-References:	CVE-2022-2469
CVSS scores:	CVE-2022-2469 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-2469 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Products:	SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.2 Module 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 SUSE Manager Server 4.2 Module 4.2

An update that solves one vulnerability can now be installed.

Description:

This update for libgsasl fixes the following issues:

• CVE-2022-2469: Fixed OOB read in GSSAPI server (bsc#1201715).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Manager Proxy 4.2 Module 4.2
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3561=1
• SUSE Manager Server 4.2 Module 4.2
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3561=1

Package List:

• SUSE Manager Proxy 4.2 Module 4.2 (aarch64 ppc64le s390x x86_64)
  • libgsasl-debugsource-1.8.0-150300.3.3.1
  • libgsasl7-debuginfo-1.8.0-150300.3.3.1
  • libgsasl7-1.8.0-150300.3.3.1
• SUSE Manager Proxy 4.2 Module 4.2 (noarch)
  • libgsasl-lang-1.8.0-150300.3.3.1
• SUSE Manager Server 4.2 Module 4.2 (aarch64 ppc64le s390x x86_64)
  • libgsasl-debugsource-1.8.0-150300.3.3.1
  • libgsasl7-debuginfo-1.8.0-150300.3.3.1
  • libgsasl7-1.8.0-150300.3.3.1
• SUSE Manager Server 4.2 Module 4.2 (noarch)
  • libgsasl-lang-1.8.0-150300.3.3.1

References:

• https://www.suse.com/security/cve/CVE-2022-2469.html
• https://bugzilla.suse.com/show_bug.cgi?id=1201715