Date: Wed, 5 Sep 2007 09:04:16 -0500
Synopsis: Moderate: cyrus-sasl security update and bug fix update
Issue date: 2007-09-04
CVE Names: CVE-2006-1721
A bug was found in cyrus-sasl's DIGEST-MD5 authentication mechanism. As
part of the DIGEST-MD5 authentication exchange, the client is expected to
send a specific set of information to the server. If one of these items
(the "realm") was not sent or was malformed, it was possible for a remote
unauthenticated attacker to cause a denial of service (segmentation fault)
on the server. (CVE-2006-1721)
This errata also fixes the following bugs in Scientific Linux 4:
* the Kerberos 5 library included in Red Hat Enterprise Linux 4 was not
thread safe. This update adds functionality which allows it to be used
safely in a threaded application.
* several memory leak bugs were fixed in cyrus-sasl's DIGEST-MD5
authentication plug-in.
* /dev/urandom is now used by default on systems which don't support
hwrandom. Previously, /dev/random was the default.
* cyrus-sasl needs zlib-devel to build properly. This dependency
information is now included in the package.
SL 3.0.x
SRPMS:
cyrus-sasl-2.1.15-15.src.rpm
i386:
cyrus-sasl-2.1.15-15.i386.rpm
cyrus-sasl-devel-2.1.15-15.i386.rpm
cyrus-sasl-gssapi-2.1.15-15.i386.rpm
cyrus-sasl-md5-2.1.15-15.i386.rpm
cyrus-sasl-plain-2.1.15-15.i386.rpm
x86_64:
cyrus-sasl-2.1.15-15.i386.rpm
cyrus-sasl-2.1.15-15.x86_64.rpm
cyrus-sasl-devel-2.1.15-15.x86_64.rpm
cyrus-sasl-gssapi-2.1.15-15.i386.rpm
cyrus-sasl-gssapi-2.1.15-15.x86_64.rpm
cyrus-sasl-md5-2.1.15-15.i386.rpm
cyrus-sasl-md5-2.1.15-15.x86_64.rpm
cyrus-sasl-plain-2.1.15-15.i386.rpm
cyrus-sasl-plain-2.1.15-15.x86_64.rpm
SL 4.x
SRPMS:
cyrus-sasl-2.1.19-14.src.rpm
i386:
cyrus-sasl-2.1.19-14.i386.rpm
cyrus-sasl-devel-2.1.19-14.i386.rpm
cyrus-sasl-gssapi-2.1.19-14.i386.rpm
cyrus-sasl-md5-2.1.19-14.i386.rpm
cyrus-sasl-ntlm-2.1.19-14.i386.rpm
cyrus-sasl-plain-2.1.19-14.i386.rpm
cyrus-sasl-sql-2.1.19-14.i386.rpm
x86_64:
cyrus-sasl-2.1.19-14.i386.rpm
cyrus-sasl-2.1.19-14.x86_64.rpm
cyrus-sasl-devel-2.1.19-14.x86_64.rpm
cyrus-sasl-gssapi-2.1.19-14.i386.rpm
cyrus-sasl-gssapi-2.1.19-14.x86_64.rpm
cyrus-sasl-md5-2.1.19-14.i386.rpm
cyrus-sasl-md5-2.1.19-14.x86_64.rpm
cyrus-sasl-ntlm-2.1.19-14.i386.rpm
cyrus-sasl-ntlm-2.1.19-14.x86_64.rpm
cyrus-sasl-plain-2.1.19-14.i386.rpm
cyrus-sasl-plain-2.1.19-14.x86_64.rpm
cyrus-sasl-sql-2.1.19-14.i386.rpm
cyrus-sasl-sql-2.1.19-14.x86_64.rpm
-Connie Sieh
-Troy Dawson
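
The bug class described in the advisory (a missing or malformed "realm" in the client's DIGEST-MD5 response crashing the server) is avoided by parsing that yields an explicit status instead of a pointer that may be NULL. The following is an added example, not code from cyrus-sasl or from this advisory; get_realm, its status codes and the sample responses are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Status codes; names are hypothetical, chosen for this example. */
enum { REALM_OK = 0, REALM_MISSING = -1, REALM_MALFORMED = -2 };

/* Copy the realm value (escapes left as-is) from a DIGEST-MD5 client response
 * into out; a missing or malformed realm is a status code, never a NULL. */
int get_realm(const char *resp, char *out, size_t outlen)
{
    const char *p = resp;
    if (resp == NULL || out == NULL || outlen == 0) return REALM_MALFORMED;
    while (*p) {
        while (*p == ' ' || *p == ',') p++;          /* separators */
        const char *key = p;
        while (*p && *p != '=' && *p != ',') p++;
        int is_realm = (p - key == 5 && strncmp(key, "realm", 5) == 0);
        if (*p != '=') {                             /* name with no value */
            if (is_realm) return REALM_MALFORMED;
            continue;
        }
        const char *val = ++p;
        if (*p == '"') {                             /* quoted-string value */
            val = ++p;
            while (*p && *p != '"') { if (*p == '\\' && p[1]) p++; p++; }
            if (*p != '"') return REALM_MALFORMED;   /* unterminated quote */
        } else {
            while (*p && *p != ',') p++;             /* bare token value */
        }
        size_t vlen = (size_t)(p - val);
        if (*p == '"') p++;                          /* step past closing quote */
        if (is_realm) {
            if (vlen >= outlen) return REALM_MALFORMED;  /* would not fit */
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return REALM_OK;
        }
    }
    return REALM_MISSING;                            /* caller decides policy */
}

int main(void)
{
    const char *s[] = { "username=\"u\",realm=\"example.org\",nonce=\"n\"",
                        "username=\"u\",nonce=\"n\"",    /* constructed samples */
                        "username=\"u\",realm=\"open" };
    char buf[64];
    for (int i = 0; i < 3; i++)
        printf("%d\n", get_realm(s[i], buf, sizeof buf));
    return 0;
}
```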