Debian Security Advisory DSA 568-1 - A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASL_PATH blindly, which allows a local user to link against a malicious library to run arbitrary code with the privileges of a setuid or setgid application.
94dfb416a2d838aac6036c6e0afd7a491195e67628c775de9243c1d4b0f6e946
Gentoo Linux Security Advisory GLSA 200410-05 - Cyrus-SASL contains two vulnerabilities that might allow an attacker to completely compromise the vulnerable system.
5ba337b1e28e743843f56389236966ffc54ed2ace62f30a576b2a31086385623