ELA-1750-1 gsasl security update

denial of service

2026-06-05
Package: gsasl
Version: 1.8.0-8+deb9u2 (stretch), 1.8.0-8+deb10u2 (buster)
Related CVEs: CVE-2026-48829


It was discovered that missing input sanitising in the DIGEST-MD5 parser of the GNU SASL library could result in denial of service.



For Debian 10 buster, these problems have been fixed in version 1.8.0-8+deb10u2.

For Debian 9 stretch, these problems have been fixed in version 1.8.0-8+deb9u2.

We recommend that you upgrade your gsasl packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.