SCIENTIFIC-LINUX-ERRATA Archives

September 2007

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Troy Dawson <[log in to unmask]>
Reply To: Troy Dawson <[log in to unmask]>
Date: Wed, 5 Sep 2007 09:04:16 -0500

Synopsis:	Moderate: cyrus-sasl security update and bug fix update
Issue date:	2007-09-04
CVE Names:	CVE-2006-1721

A bug was found in cyrus-sasl's DIGEST-MD5 authentication mechanism. As
part of the DIGEST-MD5 authentication exchange, the client is expected to
send a specific set of information to the server. If one of these items
(the "realm") was not sent or was malformed, it was possible for a remote
unauthenticated attacker to cause a denial of service (segmentation fault)
on the server. (CVE-2006-1721)

This errata also fixes the following bugs in Scientific Linux 4:

* the Kerberos 5 library included in Red Hat Enterprise Linux 4 was not
thread safe. This update adds functionality which allows it to be used
safely in a threaded application.

* several memory leak bugs were fixed in cyrus-sasl's DIGEST-MD5
authentication plug-in.

* /dev/urandom is now used by default on systems which don't support
hwrandom. Previously, /dev/random was the default.

* cyrus-sasl needs zlib-devel to build properly. This dependency
information is now included in the package.

SL 3.0.x

   SRPMS:
	cyrus-sasl-2.1.15-15.src.rpm
   i386:
	cyrus-sasl-2.1.15-15.i386.rpm
	cyrus-sasl-devel-2.1.15-15.i386.rpm
	cyrus-sasl-gssapi-2.1.15-15.i386.rpm
	cyrus-sasl-md5-2.1.15-15.i386.rpm
	cyrus-sasl-plain-2.1.15-15.i386.rpm
   x86_64:
	cyrus-sasl-2.1.15-15.i386.rpm
	cyrus-sasl-2.1.15-15.x86_64.rpm
	cyrus-sasl-devel-2.1.15-15.x86_64.rpm
	cyrus-sasl-gssapi-2.1.15-15.i386.rpm
	cyrus-sasl-gssapi-2.1.15-15.x86_64.rpm
	cyrus-sasl-md5-2.1.15-15.i386.rpm
	cyrus-sasl-md5-2.1.15-15.x86_64.rpm
	cyrus-sasl-plain-2.1.15-15.i386.rpm
	cyrus-sasl-plain-2.1.15-15.x86_64.rpm

SL 4.x

   SRPMS:
	cyrus-sasl-2.1.19-14.src.rpm
   i386:
	cyrus-sasl-2.1.19-14.i386.rpm
	cyrus-sasl-devel-2.1.19-14.i386.rpm
	cyrus-sasl-gssapi-2.1.19-14.i386.rpm
	cyrus-sasl-md5-2.1.19-14.i386.rpm
	cyrus-sasl-ntlm-2.1.19-14.i386.rpm
	cyrus-sasl-plain-2.1.19-14.i386.rpm
	cyrus-sasl-sql-2.1.19-14.i386.rpm
   x86_64:
	cyrus-sasl-2.1.19-14.i386.rpm
	cyrus-sasl-2.1.19-14.x86_64.rpm
	cyrus-sasl-devel-2.1.19-14.x86_64.rpm
	cyrus-sasl-gssapi-2.1.19-14.i386.rpm
	cyrus-sasl-gssapi-2.1.19-14.x86_64.rpm
	cyrus-sasl-md5-2.1.19-14.i386.rpm
	cyrus-sasl-md5-2.1.19-14.x86_64.rpm
	cyrus-sasl-ntlm-2.1.19-14.i386.rpm
	cyrus-sasl-ntlm-2.1.19-14.x86_64.rpm
	cyrus-sasl-plain-2.1.19-14.i386.rpm
	cyrus-sasl-plain-2.1.19-14.x86_64.rpm
	cyrus-sasl-sql-2.1.19-14.i386.rpm
	cyrus-sasl-sql-2.1.19-14.x86_64.rpm

-Connie Sieh
-Troy Dawson
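
The following check is an added example, not part of the original advisory: it flags installed cyrus-sasl packages older than the fixed builds listed above (2.1.15-15 for SL 3.0.x, 2.1.19-14 for SL 4.x), including the i386 multilib copies on x86_64. The function names and the sample package list are constructed for illustration, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Fixed version-release for each Scientific Linux major release (from the advisory).
fixed_evr() {
    case "$1" in
        3) echo "2.1.15-15" ;;
        4) echo "2.1.19-14" ;;
        *) return 1 ;;
    esac
}

# Succeeds if version-release $1 is at least $2. GNU `sort -V` approximates
# RPM's comparison; that is adequate for these purely numeric strings.
evr_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Reads "name version-release arch" lines on stdin and prints every cyrus-sasl
# package older than the fixed build for SL major release $1.
# Returns 0 if all are patched, 1 if any are outdated, 2 on an unknown release.
find_unpatched() {
    unpatched_rc=0
    fixed=$(fixed_evr "$1") || { echo "unknown SL release: $1" >&2; return 2; }
    while read -r name evr arch; do
        case "$name" in
            cyrus-sasl|cyrus-sasl-*) ;;
            *) continue ;;
        esac
        if ! evr_at_least "$evr" "$fixed"; then
            echo "OUTDATED $name-$evr.$arch (need >= $fixed)"
            unpatched_rc=1
        fi
    done
    return "$unpatched_rc"
}

# Constructed sample of an SL 4 x86_64 host that updated only one package.
sample_sl4() {
    cat <<'EOF'
cyrus-sasl 2.1.19-14 x86_64
cyrus-sasl 2.1.19-5 i386
cyrus-sasl-md5 2.1.19-5 x86_64
zlib 1.2.1.2-1 x86_64
EOF
}

# On a real host, feed it the RPM database instead of the sample:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n' | find_unpatched 4
```

Any `OUTDATED` line for an i386 package on an x86_64 host means the 32-bit library is still the old build and can still be loaded by 32-bit services.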
