===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2007.0671 -- [RedHat]
Moderate: cyrus-sasl security and bug fix update
5 September 2007
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Cyrus-SASL
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 4
                   Red Hat Enterprise Linux AS/ES/WS 3
Impact:            Denial of Service
Access:            Remote/Unauthenticated
CVE Names:         CVE-2006-1721
Ref:               ESB-2006.0290

Original Bulletin:
   https://rhn.redhat.com/errata/RHSA-2007-0795.html
   https://rhn.redhat.com/errata/RHSA-2007-0878.html

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Moderate: cyrus-sasl security and bug fix update
Advisory ID:       RHSA-2007:0795-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0795.html
Issue date:        2007-09-04
Updated on:        2007-09-04
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-1721
---------------------------------------------------------------------

1. Summary:

An updated cyrus-sasl package that addresses a security issue and fixes
various other bugs is now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is
the Simple Authentication and Security Layer, a method for adding
authentication support to connection-based protocols.

A bug was found in cyrus-sasl's DIGEST-MD5 authentication mechanism. As
part of the DIGEST-MD5 authentication exchange, the client is expected to
send a specific set of information to the server. If one of these items
(the "realm") was not sent or was malformed, it was possible for a remote
unauthenticated attacker to cause a denial of service (segmentation fault)
on the server. (CVE-2006-1721)

This errata also fixes the following bugs:

* the Kerberos 5 library included in Red Hat Enterprise Linux 4 was not
  thread safe. This update adds functionality which allows it to be used
  safely in a threaded application.

* several memory leak bugs were fixed in cyrus-sasl's DIGEST-MD5
  authentication plug-in.

* /dev/urandom is now used by default on systems which don't support
  hwrandom. Previously, dev/random was the default.

* cyrus-sasl needs zlib-devel to build properly. This dependency
  information is now included in the package.

Users are advised to upgrade to this updated cyrus-sasl package, which
resolves these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

157012 - [RFE] cyrus-sasl should use /dev/urandom by default
189814 - CVE-2006-1721 cyrus-sasl digest-md5 DoS
190113 - Missing build dependancy for zlib-devel in cyrus-sasl
243910 - krb5-libs are not thread-safe
244075 - Memory leaks in digest-md5 plugin
250732 - sasl-sample-server crash

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cyrus-sasl-2.1.19-14.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cyrus-sasl-2.1.19-14.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cyrus-sasl-2.1.19-14.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cyrus-sasl-2.1.19-14.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Moderate: cyrus-sasl security update
Advisory ID:       RHSA-2007:0878-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0878.html
Issue date:        2007-09-04
Updated on:        2007-09-04
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-1721
---------------------------------------------------------------------

1. Summary:

Updated cyrus-sasl packages that correct a security issue are now available
for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is
the Simple Authentication and Security Layer, a method for adding
authentication support to connection-based protocols.

A bug was found in cyrus-sasl's DIGEST-MD5 authentication mechanism. As
part of the DIGEST-MD5 authentication exchange, the client is expected to
send a specific set of information to the server. If one of these items
(the "realm") was not sent or was malformed, it was possible for a remote
unauthenticated attacker to cause a denial of service (segmentation fault)
on the server. (CVE-2006-1721)

Users of cyrus-sasl should upgrade to these updated packages, which contain
a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

252339 - CVE-2006-1721 cyrus-sasl digest-md5 DoS

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cyrus-sasl-2.1.15-15.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cyrus-sasl-2.1.15-15.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cyrus-sasl-2.1.15-15.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cyrus-sasl-2.1.15-15.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
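
To check hosts against this bulletin, the following added example (not part of the Red Hat or AusCERT text) compares installed cyrus-sasl packages with the updated versions named in the SRPM file names above: 2.1.19-14 for Red Hat Enterprise Linux 4 and 2.1.15-15 for Red Hat Enterprise Linux 3. It assumes input produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`, an epoch of 0, and the classic segment-wise RPM version ordering; the function names and the sample lines are constructed for illustration.

```python
import re

# Updated package versions, taken from the SRPM names in the two advisories.
FIXED = {
    4: ("2.1.19", "14"),  # RHSA-2007:0795, Red Hat Enterprise Linux 4
    3: ("2.1.15", "15"),  # RHSA-2007:0878, Red Hat Enterprise Linux 3
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Order two version or release strings the classic RPM way.

    Returns -1, 0 or 1. Strings are split into runs of digits or letters;
    numeric runs compare as integers, a numeric run is newer than an
    alphabetic one, and when all shared runs are equal the string with
    runs left over is newer.
    """
    if a == b:
        return 0
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            x, y = int(x), int(y)
        elif x_num != y_num:
            return 1 if x_num else -1
        if x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def compare_vr(installed, fixed):
    """Compare (version, release) pairs; epoch is assumed to be 0."""
    return rpmvercmp(installed[0], fixed[0]) or rpmvercmp(installed[1], fixed[1])


def audit(rpm_lines, rhel_major):
    """Classify cyrus-sasl packages from 'NAME VERSION-RELEASE' lines.

    Returns (name, version-release, status) tuples. Status is "needs-update"
    when the package is older than the advisory's package, "ok" otherwise,
    and "unparsed" for a line that does not match the expected format.
    """
    fixed = FIXED[rhel_major]
    findings = []
    for raw in rpm_lines:
        if not raw.strip():
            continue
        parts = raw.split()
        if len(parts) != 2 or "-" not in parts[1]:
            findings.append((raw.strip(), None, "unparsed"))
            continue
        name, vr = parts
        if name != "cyrus-sasl" and not name.startswith("cyrus-sasl-"):
            continue  # unrelated package
        version, _, release = vr.rpartition("-")
        older = compare_vr((version, release), fixed) < 0
        findings.append((name, vr, "needs-update" if older else "ok"))
    return findings


# Constructed sample of rpm query output from a Red Hat Enterprise Linux 4 host.
SAMPLE_RHEL4 = """\
cyrus-sasl 2.1.19-5.EL4
cyrus-sasl-md5 2.1.19-14
cyrus-sasl-devel 2.1.19-14
openssl 0.9.7a-43.17.el4
""".splitlines()

if __name__ == "__main__":
    for name, vr, status in audit(SAMPLE_RHEL4, 4):
        print(f"{status:12} {name} {vr}")
```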