Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2007.0671 -- [RedHat]
Moderate: cyrus-sasl security and bug fix update
5 September 2007
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cyrus-SASL
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux AS/ES/WS 4
Red Hat Enterprise Linux AS/ES/WS 3
Impact: Denial of Service
Access: Remote/Unauthenticated
CVE Names: CVE-2006-1721
Ref: ESB-2006.0290
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2007-0795.html
https://rhn.redhat.com/errata/RHSA-2007-0878.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Moderate: cyrus-sasl security and bug fix update
Advisory ID: RHSA-2007:0795-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0795.html
Issue date: 2007-09-04
Updated on: 2007-09-04
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-1721
- - ---------------------------------------------------------------------
1. Summary:
An updated cyrus-sasl package that addresses a security issue and fixes
various other bugs is now available for Red Hat Enterprise Linux 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is
the Simple Authentication and Security Layer, a method for adding
authentication support to connection-based protocols.
A bug was found in cyrus-sasl's DIGEST-MD5 authentication mechanism. As
part of the DIGEST-MD5 authentication exchange, the client is expected to
send a specific set of information to the server. If one of these items
(the "realm") was not sent or was malformed, it was possible for a remote
unauthenticated attacker to cause a denial of service (segmentation fault)
on the server. (CVE-2006-1721)
This errata also fixes the following bugs:
* the Kerberos 5 library included in Red Hat Enterprise Linux 4 was not
thread safe. This update adds functionality which allows it to be used
safely in a threaded application.
* several memory leak bugs were fixed in cyrus-sasl's DIGEST-MD5
authentication plug-in.
* /dev/urandom is now used by default on systems which don't support
hwrandom. Previously, dev/random was the default.
* cyrus-sasl needs zlib-devel to build properly. This dependency
information is now included in the package.
Users are advised to upgrade to this updated cyrus-sasl package, which
resolves these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
157012 - [RFE] cyrus-sasl should use /dev/urandom by default
189814 - CVE-2006-1721 cyrus-sasl digest-md5 DoS
190113 - Missing build dependancy for zlib-devel in cyrus-sasl
243910 - krb5-libs are not thread-safe
244075 - Memory leaks in digest-md5 plugin
250732 - sasl-sample-server crash
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cyrus-sasl-2.1.19-14.src.rpm
4949e987f4a486518ed80c970bba211d cyrus-sasl-2.1.19-14.src.rpm
i386:
66d682b4378d802cbdc74072fa44ed13 cyrus-sasl-2.1.19-14.i386.rpm
b9eadb0e55f8058e77db49831d65040e cyrus-sasl-debuginfo-2.1.19-14.i386.rpm
7068dd09926d9ddc3b4307d19ee79082 cyrus-sasl-devel-2.1.19-14.i386.rpm
3445d5bccd9b1f6807b7cf6b29a0ee66 cyrus-sasl-gssapi-2.1.19-14.i386.rpm
b13267475db6aa2e1d03ebfa463d087d cyrus-sasl-md5-2.1.19-14.i386.rpm
5059e06456e3476737421ff14bb55662 cyrus-sasl-ntlm-2.1.19-14.i386.rpm
eee8ea34647b182e97ea7d057d2d722d cyrus-sasl-plain-2.1.19-14.i386.rpm
766d4b0a23cedbb8c3e053fa29414b07 cyrus-sasl-sql-2.1.19-14.i386.rpm
ia64:
66d682b4378d802cbdc74072fa44ed13 cyrus-sasl-2.1.19-14.i386.rpm
d61ba4984d550098f90c81ebed27a84a cyrus-sasl-2.1.19-14.ia64.rpm
b9eadb0e55f8058e77db49831d65040e cyrus-sasl-debuginfo-2.1.19-14.i386.rpm
4f47f79d4ec909f4508f045ff8c0ff3a cyrus-sasl-debuginfo-2.1.19-14.ia64.rpm
5a6e3fbb46fa1c46439f3f645e3a18c0 cyrus-sasl-devel-2.1.19-14.ia64.rpm
3445d5bccd9b1f6807b7cf6b29a0ee66 cyrus-sasl-gssapi-2.1.19-14.i386.rpm
f791bbff376bf7b9e347f1528b9326be cyrus-sasl-gssapi-2.1.19-14.ia64.rpm
b13267475db6aa2e1d03ebfa463d087d cyrus-sasl-md5-2.1.19-14.i386.rpm
9b54fa31b202d2436455fbb9a09423ea cyrus-sasl-md5-2.1.19-14.ia64.rpm
5059e06456e3476737421ff14bb55662 cyrus-sasl-ntlm-2.1.19-14.i386.rpm
2e2d77ba2b34d1370209188b4cfc003c cyrus-sasl-ntlm-2.1.19-14.ia64.rpm
eee8ea34647b182e97ea7d057d2d722d cyrus-sasl-plain-2.1.19-14.i386.rpm
ca0d49a8813a480782107fc2df5fd30a cyrus-sasl-plain-2.1.19-14.ia64.rpm
766d4b0a23cedbb8c3e053fa29414b07 cyrus-sasl-sql-2.1.19-14.i386.rpm
f384677d9fd1c9474d75fc7fad3f725a cyrus-sasl-sql-2.1.19-14.ia64.rpm
ppc:
1bee1308d0f7df5f3def8aa5552e5f59 cyrus-sasl-2.1.19-14.ppc.rpm
37f022c461682f2f856f73aadb8d1093 cyrus-sasl-2.1.19-14.ppc64.rpm
a1fef82dc392efa7f03f5c1bd65af5ea cyrus-sasl-debuginfo-2.1.19-14.ppc.rpm
42434fd0d90cfa3b1f3e86bc9ca60850 cyrus-sasl-debuginfo-2.1.19-14.ppc64.rpm
dd4402566019a237d8b921409a28f501 cyrus-sasl-devel-2.1.19-14.ppc.rpm
6a2c9da727c0a488345cf24f8a86c6c0 cyrus-sasl-gssapi-2.1.19-14.ppc.rpm
bd4c5c43c185b954f5b41df65d557198 cyrus-sasl-gssapi-2.1.19-14.ppc64.rpm
6a13d09d38cf4d851af050795216481f cyrus-sasl-md5-2.1.19-14.ppc.rpm
d4877c245e9bef3d88f3e45ce38332c6 cyrus-sasl-md5-2.1.19-14.ppc64.rpm
ab2d30cffd6fd4e96926a6fcf53e4573 cyrus-sasl-ntlm-2.1.19-14.ppc.rpm
e47fc3eae285aa44382096f97065b628 cyrus-sasl-ntlm-2.1.19-14.ppc64.rpm
df264d66db2dacac26d24240c3362b49 cyrus-sasl-plain-2.1.19-14.ppc.rpm
480a450422f946db4cc0925d466ef57f cyrus-sasl-plain-2.1.19-14.ppc64.rpm
1cac99f90c274ec28bd145abd7f9d9ba cyrus-sasl-sql-2.1.19-14.ppc.rpm
d55ea315de0d77d9e194ab63e2ecfb48 cyrus-sasl-sql-2.1.19-14.ppc64.rpm
s390:
15533cdce06a7c5a1079a08a097a9a1c cyrus-sasl-2.1.19-14.s390.rpm
70d4068375e7e993265522f46f69890f cyrus-sasl-debuginfo-2.1.19-14.s390.rpm
2bc24a9f498c860047bc2f4f8daf79fc cyrus-sasl-devel-2.1.19-14.s390.rpm
38587346f7d8d8acfbabff1bb05f4c9f cyrus-sasl-gssapi-2.1.19-14.s390.rpm
ee9069c61094193bda649718d8c77b28 cyrus-sasl-md5-2.1.19-14.s390.rpm
3ea060f95afd5cbce9ab882f27c57741 cyrus-sasl-ntlm-2.1.19-14.s390.rpm
05f3e1384bec859a0126206f3e6b13b4 cyrus-sasl-plain-2.1.19-14.s390.rpm
d1e711f5718ea68c87d99c0ffd3c0bec cyrus-sasl-sql-2.1.19-14.s390.rpm
s390x:
15533cdce06a7c5a1079a08a097a9a1c cyrus-sasl-2.1.19-14.s390.rpm
7db2a7b22a1e411ddfea522cc5d8c2ec cyrus-sasl-2.1.19-14.s390x.rpm
70d4068375e7e993265522f46f69890f cyrus-sasl-debuginfo-2.1.19-14.s390.rpm
09b71a85d1bee1ac32410e0ad2329f33 cyrus-sasl-debuginfo-2.1.19-14.s390x.rpm
a9adead19ee9b315a850c2fa4f81f45f cyrus-sasl-devel-2.1.19-14.s390x.rpm
38587346f7d8d8acfbabff1bb05f4c9f cyrus-sasl-gssapi-2.1.19-14.s390.rpm
682070a715195d47eb7254fc336c4aed cyrus-sasl-gssapi-2.1.19-14.s390x.rpm
ee9069c61094193bda649718d8c77b28 cyrus-sasl-md5-2.1.19-14.s390.rpm
e1138dad2af8a9ac592a86660c7570de cyrus-sasl-md5-2.1.19-14.s390x.rpm
3ea060f95afd5cbce9ab882f27c57741 cyrus-sasl-ntlm-2.1.19-14.s390.rpm
331cc569dbed048896125cbd9b658afe cyrus-sasl-ntlm-2.1.19-14.s390x.rpm
05f3e1384bec859a0126206f3e6b13b4 cyrus-sasl-plain-2.1.19-14.s390.rpm
6a6025226b1261491d91f64094d2bd2e cyrus-sasl-plain-2.1.19-14.s390x.rpm
d1e711f5718ea68c87d99c0ffd3c0bec cyrus-sasl-sql-2.1.19-14.s390.rpm
60e5ad162702acb8ed6a13dc601d1260 cyrus-sasl-sql-2.1.19-14.s390x.rpm
x86_64:
66d682b4378d802cbdc74072fa44ed13 cyrus-sasl-2.1.19-14.i386.rpm
d1e5005820c522f8f847de220e85119e cyrus-sasl-2.1.19-14.x86_64.rpm
b9eadb0e55f8058e77db49831d65040e cyrus-sasl-debuginfo-2.1.19-14.i386.rpm
6deb1667f7ed365c1618742aa3494736 cyrus-sasl-debuginfo-2.1.19-14.x86_64.rpm
7a363042e12b94b32e74b9edf820e2cb cyrus-sasl-devel-2.1.19-14.x86_64.rpm
3445d5bccd9b1f6807b7cf6b29a0ee66 cyrus-sasl-gssapi-2.1.19-14.i386.rpm
485846dfccf7ff8382b9285ce4c22802 cyrus-sasl-gssapi-2.1.19-14.x86_64.rpm
b13267475db6aa2e1d03ebfa463d087d cyrus-sasl-md5-2.1.19-14.i386.rpm
74f41d53a2ba7a2d825eca4e68c5826a cyrus-sasl-md5-2.1.19-14.x86_64.rpm
5059e06456e3476737421ff14bb55662 cyrus-sasl-ntlm-2.1.19-14.i386.rpm
21fffca415363bf3205a1acad5d7a707 cyrus-sasl-ntlm-2.1.19-14.x86_64.rpm
eee8ea34647b182e97ea7d057d2d722d cyrus-sasl-plain-2.1.19-14.i386.rpm
c13b35aa40480e1615c1388c2cd42934 cyrus-sasl-plain-2.1.19-14.x86_64.rpm
766d4b0a23cedbb8c3e053fa29414b07 cyrus-sasl-sql-2.1.19-14.i386.rpm
b2969d17575d799403a0a5afe586a4d3 cyrus-sasl-sql-2.1.19-14.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cyrus-sasl-2.1.19-14.src.rpm
4949e987f4a486518ed80c970bba211d cyrus-sasl-2.1.19-14.src.rpm
i386:
66d682b4378d802cbdc74072fa44ed13 cyrus-sasl-2.1.19-14.i386.rpm
b9eadb0e55f8058e77db49831d65040e cyrus-sasl-debuginfo-2.1.19-14.i386.rpm
7068dd09926d9ddc3b4307d19ee79082 cyrus-sasl-devel-2.1.19-14.i386.rpm
3445d5bccd9b1f6807b7cf6b29a0ee66 cyrus-sasl-gssapi-2.1.19-14.i386.rpm
b13267475db6aa2e1d03ebfa463d087d cyrus-sasl-md5-2.1.19-14.i386.rpm
5059e06456e3476737421ff14bb55662 cyrus-sasl-ntlm-2.1.19-14.i386.rpm
eee8ea34647b182e97ea7d057d2d722d cyrus-sasl-plain-2.1.19-14.i386.rpm
766d4b0a23cedbb8c3e053fa29414b07 cyrus-sasl-sql-2.1.19-14.i386.rpm
x86_64:
66d682b4378d802cbdc74072fa44ed13 cyrus-sasl-2.1.19-14.i386.rpm
d1e5005820c522f8f847de220e85119e cyrus-sasl-2.1.19-14.x86_64.rpm
b9eadb0e55f8058e77db49831d65040e cyrus-sasl-debuginfo-2.1.19-14.i386.rpm
6deb1667f7ed365c1618742aa3494736 cyrus-sasl-debuginfo-2.1.19-14.x86_64.rpm
7a363042e12b94b32e74b9edf820e2cb cyrus-sasl-devel-2.1.19-14.x86_64.rpm
3445d5bccd9b1f6807b7cf6b29a0ee66 cyrus-sasl-gssapi-2.1.19-14.i386.rpm
485846dfccf7ff8382b9285ce4c22802 cyrus-sasl-gssapi-2.1.19-14.x86_64.rpm
b13267475db6aa2e1d03ebfa463d087d cyrus-sasl-md5-2.1.19-14.i386.rpm
74f41d53a2ba7a2d825eca4e68c5826a cyrus-sasl-md5-2.1.19-14.x86_64.rpm
5059e06456e3476737421ff14bb55662 cyrus-sasl-ntlm-2.1.19-14.i386.rpm
21fffca415363bf3205a1acad5d7a707 cyrus-sasl-ntlm-2.1.19-14.x86_64.rpm
eee8ea34647b182e97ea7d057d2d722d cyrus-sasl-plain-2.1.19-14.i386.rpm
c13b35aa40480e1615c1388c2cd42934 cyrus-sasl-plain-2.1.19-14.x86_64.rpm
766d4b0a23cedbb8c3e053fa29414b07 cyrus-sasl-sql-2.1.19-14.i386.rpm
b2969d17575d799403a0a5afe586a4d3 cyrus-sasl-sql-2.1.19-14.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cyrus-sasl-2.1.19-14.src.rpm
4949e987f4a486518ed80c970bba211d cyrus-sasl-2.1.19-14.src.rpm
i386:
66d682b4378d802cbdc74072fa44ed13 cyrus-sasl-2.1.19-14.i386.rpm
b9eadb0e55f8058e77db49831d65040e cyrus-sasl-debuginfo-2.1.19-14.i386.rpm
7068dd09926d9ddc3b4307d19ee79082 cyrus-sasl-devel-2.1.19-14.i386.rpm
3445d5bccd9b1f6807b7cf6b29a0ee66 cyrus-sasl-gssapi-2.1.19-14.i386.rpm
b13267475db6aa2e1d03ebfa463d087d cyrus-sasl-md5-2.1.19-14.i386.rpm
5059e06456e3476737421ff14bb55662 cyrus-sasl-ntlm-2.1.19-14.i386.rpm
eee8ea34647b182e97ea7d057d2d722d cyrus-sasl-plain-2.1.19-14.i386.rpm
766d4b0a23cedbb8c3e053fa29414b07 cyrus-sasl-sql-2.1.19-14.i386.rpm
ia64:
66d682b4378d802cbdc74072fa44ed13 cyrus-sasl-2.1.19-14.i386.rpm
d61ba4984d550098f90c81ebed27a84a cyrus-sasl-2.1.19-14.ia64.rpm
b9eadb0e55f8058e77db49831d65040e cyrus-sasl-debuginfo-2.1.19-14.i386.rpm
4f47f79d4ec909f4508f045ff8c0ff3a cyrus-sasl-debuginfo-2.1.19-14.ia64.rpm
5a6e3fbb46fa1c46439f3f645e3a18c0 cyrus-sasl-devel-2.1.19-14.ia64.rpm
3445d5bccd9b1f6807b7cf6b29a0ee66 cyrus-sasl-gssapi-2.1.19-14.i386.rpm
f791bbff376bf7b9e347f1528b9326be cyrus-sasl-gssapi-2.1.19-14.ia64.rpm
b13267475db6aa2e1d03ebfa463d087d cyrus-sasl-md5-2.1.19-14.i386.rpm
9b54fa31b202d2436455fbb9a09423ea cyrus-sasl-md5-2.1.19-14.ia64.rpm
5059e06456e3476737421ff14bb55662 cyrus-sasl-ntlm-2.1.19-14.i386.rpm
2e2d77ba2b34d1370209188b4cfc003c cyrus-sasl-ntlm-2.1.19-14.ia64.rpm
eee8ea34647b182e97ea7d057d2d722d cyrus-sasl-plain-2.1.19-14.i386.rpm
ca0d49a8813a480782107fc2df5fd30a cyrus-sasl-plain-2.1.19-14.ia64.rpm
766d4b0a23cedbb8c3e053fa29414b07 cyrus-sasl-sql-2.1.19-14.i386.rpm
f384677d9fd1c9474d75fc7fad3f725a cyrus-sasl-sql-2.1.19-14.ia64.rpm
x86_64:
66d682b4378d802cbdc74072fa44ed13 cyrus-sasl-2.1.19-14.i386.rpm
d1e5005820c522f8f847de220e85119e cyrus-sasl-2.1.19-14.x86_64.rpm
b9eadb0e55f8058e77db49831d65040e cyrus-sasl-debuginfo-2.1.19-14.i386.rpm
6deb1667f7ed365c1618742aa3494736 cyrus-sasl-debuginfo-2.1.19-14.x86_64.rpm
7a363042e12b94b32e74b9edf820e2cb cyrus-sasl-devel-2.1.19-14.x86_64.rpm
3445d5bccd9b1f6807b7cf6b29a0ee66 cyrus-sasl-gssapi-2.1.19-14.i386.rpm
485846dfccf7ff8382b9285ce4c22802 cyrus-sasl-gssapi-2.1.19-14.x86_64.rpm
b13267475db6aa2e1d03ebfa463d087d cyrus-sasl-md5-2.1.19-14.i386.rpm
74f41d53a2ba7a2d825eca4e68c5826a cyrus-sasl-md5-2.1.19-14.x86_64.rpm
5059e06456e3476737421ff14bb55662 cyrus-sasl-ntlm-2.1.19-14.i386.rpm
21fffca415363bf3205a1acad5d7a707 cyrus-sasl-ntlm-2.1.19-14.x86_64.rpm
eee8ea34647b182e97ea7d057d2d722d cyrus-sasl-plain-2.1.19-14.i386.rpm
c13b35aa40480e1615c1388c2cd42934 cyrus-sasl-plain-2.1.19-14.x86_64.rpm
766d4b0a23cedbb8c3e053fa29414b07 cyrus-sasl-sql-2.1.19-14.i386.rpm
b2969d17575d799403a0a5afe586a4d3 cyrus-sasl-sql-2.1.19-14.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cyrus-sasl-2.1.19-14.src.rpm
4949e987f4a486518ed80c970bba211d cyrus-sasl-2.1.19-14.src.rpm
i386:
66d682b4378d802cbdc74072fa44ed13 cyrus-sasl-2.1.19-14.i386.rpm
b9eadb0e55f8058e77db49831d65040e cyrus-sasl-debuginfo-2.1.19-14.i386.rpm
7068dd09926d9ddc3b4307d19ee79082 cyrus-sasl-devel-2.1.19-14.i386.rpm
3445d5bccd9b1f6807b7cf6b29a0ee66 cyrus-sasl-gssapi-2.1.19-14.i386.rpm
b13267475db6aa2e1d03ebfa463d087d cyrus-sasl-md5-2.1.19-14.i386.rpm
5059e06456e3476737421ff14bb55662 cyrus-sasl-ntlm-2.1.19-14.i386.rpm
eee8ea34647b182e97ea7d057d2d722d cyrus-sasl-plain-2.1.19-14.i386.rpm
766d4b0a23cedbb8c3e053fa29414b07 cyrus-sasl-sql-2.1.19-14.i386.rpm
ia64:
66d682b4378d802cbdc74072fa44ed13 cyrus-sasl-2.1.19-14.i386.rpm
d61ba4984d550098f90c81ebed27a84a cyrus-sasl-2.1.19-14.ia64.rpm
b9eadb0e55f8058e77db49831d65040e cyrus-sasl-debuginfo-2.1.19-14.i386.rpm
4f47f79d4ec909f4508f045ff8c0ff3a cyrus-sasl-debuginfo-2.1.19-14.ia64.rpm
5a6e3fbb46fa1c46439f3f645e3a18c0 cyrus-sasl-devel-2.1.19-14.ia64.rpm
3445d5bccd9b1f6807b7cf6b29a0ee66 cyrus-sasl-gssapi-2.1.19-14.i386.rpm
f791bbff376bf7b9e347f1528b9326be cyrus-sasl-gssapi-2.1.19-14.ia64.rpm
b13267475db6aa2e1d03ebfa463d087d cyrus-sasl-md5-2.1.19-14.i386.rpm
9b54fa31b202d2436455fbb9a09423ea cyrus-sasl-md5-2.1.19-14.ia64.rpm
5059e06456e3476737421ff14bb55662 cyrus-sasl-ntlm-2.1.19-14.i386.rpm
2e2d77ba2b34d1370209188b4cfc003c cyrus-sasl-ntlm-2.1.19-14.ia64.rpm
eee8ea34647b182e97ea7d057d2d722d cyrus-sasl-plain-2.1.19-14.i386.rpm
ca0d49a8813a480782107fc2df5fd30a cyrus-sasl-plain-2.1.19-14.ia64.rpm
766d4b0a23cedbb8c3e053fa29414b07 cyrus-sasl-sql-2.1.19-14.i386.rpm
f384677d9fd1c9474d75fc7fad3f725a cyrus-sasl-sql-2.1.19-14.ia64.rpm
x86_64:
66d682b4378d802cbdc74072fa44ed13 cyrus-sasl-2.1.19-14.i386.rpm
d1e5005820c522f8f847de220e85119e cyrus-sasl-2.1.19-14.x86_64.rpm
b9eadb0e55f8058e77db49831d65040e cyrus-sasl-debuginfo-2.1.19-14.i386.rpm
6deb1667f7ed365c1618742aa3494736 cyrus-sasl-debuginfo-2.1.19-14.x86_64.rpm
7a363042e12b94b32e74b9edf820e2cb cyrus-sasl-devel-2.1.19-14.x86_64.rpm
3445d5bccd9b1f6807b7cf6b29a0ee66 cyrus-sasl-gssapi-2.1.19-14.i386.rpm
485846dfccf7ff8382b9285ce4c22802 cyrus-sasl-gssapi-2.1.19-14.x86_64.rpm
b13267475db6aa2e1d03ebfa463d087d cyrus-sasl-md5-2.1.19-14.i386.rpm
74f41d53a2ba7a2d825eca4e68c5826a cyrus-sasl-md5-2.1.19-14.x86_64.rpm
5059e06456e3476737421ff14bb55662 cyrus-sasl-ntlm-2.1.19-14.i386.rpm
21fffca415363bf3205a1acad5d7a707 cyrus-sasl-ntlm-2.1.19-14.x86_64.rpm
eee8ea34647b182e97ea7d057d2d722d cyrus-sasl-plain-2.1.19-14.i386.rpm
c13b35aa40480e1615c1388c2cd42934 cyrus-sasl-plain-2.1.19-14.x86_64.rpm
766d4b0a23cedbb8c3e053fa29414b07 cyrus-sasl-sql-2.1.19-14.i386.rpm
b2969d17575d799403a0a5afe586a4d3 cyrus-sasl-sql-2.1.19-14.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFG3XCdXlSAg2UNWIIRAjFgAJsEZyBp9PLPuU1EKbfVVMgzwgaUXgCfXda4
zjLfBuJi4Sr0q7cULQxuIVs=
=WIu0
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Moderate: cyrus-sasl security update
Advisory ID: RHSA-2007:0878-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0878.html
Issue date: 2007-09-04
Updated on: 2007-09-04
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-1721
- - ---------------------------------------------------------------------
1. Summary:
Updated cyrus-sasl packages that correct a security issue are now available
for Red Hat Enterprise Linux 3.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
The cyrus-sasl package contains the Cyrus implementation of SASL.
SASL is the Simple Authentication and Security Layer, a method for
adding authentication support to connection-based protocols.
A bug was found in cyrus-sasl's DIGEST-MD5 authentication mechanism. As
part of the DIGEST-MD5 authentication exchange, the client is expected to
send a specific set of information to the server. If one of these items
(the "realm") was not sent or was malformed, it was possible for a remote
unauthenticated attacker to cause a denial of service (segmentation fault)
on the server. (CVE-2006-1721)
Users of cyrus-sasl should upgrade to these updated packages, which contain a
backported patch to correct this issue.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
252339 - CVE-2006-1721 cyrus-sasl digest-md5 DoS
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cyrus-sasl-2.1.15-15.src.rpm
971ba1e92e9949601bafd8f7bfb59aa1 cyrus-sasl-2.1.15-15.src.rpm
i386:
bc2c9d4460476c6643ece0a3343e96a1 cyrus-sasl-2.1.15-15.i386.rpm
489d60eed4d6abd81257fab25dec0b80 cyrus-sasl-debuginfo-2.1.15-15.i386.rpm
2b570b0237173d3a7bde466c6e2fb36b cyrus-sasl-devel-2.1.15-15.i386.rpm
e98364bad26467ee25ef5d710997fb1f cyrus-sasl-gssapi-2.1.15-15.i386.rpm
fccdb8a03342b0a1640b9723f30d8b51 cyrus-sasl-md5-2.1.15-15.i386.rpm
aa119a97b280debf2cfb3c3d36fe4c60 cyrus-sasl-plain-2.1.15-15.i386.rpm
ia64:
bc2c9d4460476c6643ece0a3343e96a1 cyrus-sasl-2.1.15-15.i386.rpm
93e177c34d38edd502093ace0818ec6c cyrus-sasl-2.1.15-15.ia64.rpm
489d60eed4d6abd81257fab25dec0b80 cyrus-sasl-debuginfo-2.1.15-15.i386.rpm
e638f877ec94eb4cbe0e95932286a89a cyrus-sasl-debuginfo-2.1.15-15.ia64.rpm
d73eb01b3b091346a3e13e16a4f3012f cyrus-sasl-devel-2.1.15-15.ia64.rpm
e98364bad26467ee25ef5d710997fb1f cyrus-sasl-gssapi-2.1.15-15.i386.rpm
a2f2c05e60a957ebd6d1366d9affad86 cyrus-sasl-gssapi-2.1.15-15.ia64.rpm
fccdb8a03342b0a1640b9723f30d8b51 cyrus-sasl-md5-2.1.15-15.i386.rpm
d33de0609bd3bdd5c915d12688de8bbf cyrus-sasl-md5-2.1.15-15.ia64.rpm
aa119a97b280debf2cfb3c3d36fe4c60 cyrus-sasl-plain-2.1.15-15.i386.rpm
627e26b0fa51c03d2a78bc9064b331c5 cyrus-sasl-plain-2.1.15-15.ia64.rpm
ppc:
e80ba70d9318f9c4db9e5aba67f140b4 cyrus-sasl-2.1.15-15.ppc.rpm
dd5ba07ac0b7f9db06924dc92ae64e0f cyrus-sasl-2.1.15-15.ppc64.rpm
86d74bb6279e91ebe96c7b8eb9e3187b cyrus-sasl-debuginfo-2.1.15-15.ppc.rpm
872125c0f8b58c342b20251362d8e251 cyrus-sasl-debuginfo-2.1.15-15.ppc64.rpm
7b247b8d3b1dfa910748b006feeb3180 cyrus-sasl-devel-2.1.15-15.ppc.rpm
20f36685aab8e777d6a03bbd07a9043b cyrus-sasl-gssapi-2.1.15-15.ppc.rpm
bd759d41630b28ca16a9ac1bff7cd3ef cyrus-sasl-gssapi-2.1.15-15.ppc64.rpm
acf5cddc0d2d8da2cf72bc2385ec8639 cyrus-sasl-md5-2.1.15-15.ppc.rpm
877e24163006884120ff7173250cceed cyrus-sasl-md5-2.1.15-15.ppc64.rpm
e1152342f5d9e040724742fbda17efaf cyrus-sasl-plain-2.1.15-15.ppc.rpm
4b27130a2484604d8b8532be9cef3d88 cyrus-sasl-plain-2.1.15-15.ppc64.rpm
s390:
b9961e0723518e7a34d80ab27bdf1e6b cyrus-sasl-2.1.15-15.s390.rpm
0840d385f74719910a65e66ed1d4ae10 cyrus-sasl-debuginfo-2.1.15-15.s390.rpm
8d4586eb684f58b8ad05173a8a441cf1 cyrus-sasl-devel-2.1.15-15.s390.rpm
47aba4aba7b9e3b725cad6faebcdee10 cyrus-sasl-gssapi-2.1.15-15.s390.rpm
789ef3e79fa96edbf6bf29d23507bc55 cyrus-sasl-md5-2.1.15-15.s390.rpm
ce0920b0a21006a63764942cdc5f46f5 cyrus-sasl-plain-2.1.15-15.s390.rpm
s390x:
b9961e0723518e7a34d80ab27bdf1e6b cyrus-sasl-2.1.15-15.s390.rpm
8fef2c2af40d2a350659c2df794e710b cyrus-sasl-2.1.15-15.s390x.rpm
0840d385f74719910a65e66ed1d4ae10 cyrus-sasl-debuginfo-2.1.15-15.s390.rpm
0ea32602c4811bf760309c000bbaed35 cyrus-sasl-debuginfo-2.1.15-15.s390x.rpm
3a7fbf34a092488d62360f9b75a9e032 cyrus-sasl-devel-2.1.15-15.s390x.rpm
47aba4aba7b9e3b725cad6faebcdee10 cyrus-sasl-gssapi-2.1.15-15.s390.rpm
199afb45cc2909aff39c2d4fe2f6247e cyrus-sasl-gssapi-2.1.15-15.s390x.rpm
789ef3e79fa96edbf6bf29d23507bc55 cyrus-sasl-md5-2.1.15-15.s390.rpm
57c373792e1ce7ff1af2153380811804 cyrus-sasl-md5-2.1.15-15.s390x.rpm
ce0920b0a21006a63764942cdc5f46f5 cyrus-sasl-plain-2.1.15-15.s390.rpm
467042d8e279de713d4730ec62bcf23c cyrus-sasl-plain-2.1.15-15.s390x.rpm
x86_64:
bc2c9d4460476c6643ece0a3343e96a1 cyrus-sasl-2.1.15-15.i386.rpm
ad14eda4c01f9f14406ee1c8b9f51c09 cyrus-sasl-2.1.15-15.x86_64.rpm
489d60eed4d6abd81257fab25dec0b80 cyrus-sasl-debuginfo-2.1.15-15.i386.rpm
5d966cf53c9b927cfdec711857358b02 cyrus-sasl-debuginfo-2.1.15-15.x86_64.rpm
0b026c8ffebc536a8254f8b3d0b3732a cyrus-sasl-devel-2.1.15-15.x86_64.rpm
e98364bad26467ee25ef5d710997fb1f cyrus-sasl-gssapi-2.1.15-15.i386.rpm
b974739f506d6079cd221b594c2f3f63 cyrus-sasl-gssapi-2.1.15-15.x86_64.rpm
fccdb8a03342b0a1640b9723f30d8b51 cyrus-sasl-md5-2.1.15-15.i386.rpm
3589053882bd022ab14839c7f24e7044 cyrus-sasl-md5-2.1.15-15.x86_64.rpm
aa119a97b280debf2cfb3c3d36fe4c60 cyrus-sasl-plain-2.1.15-15.i386.rpm
0d170fb27a78b7cf3d2f946209335593 cyrus-sasl-plain-2.1.15-15.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cyrus-sasl-2.1.15-15.src.rpm
971ba1e92e9949601bafd8f7bfb59aa1 cyrus-sasl-2.1.15-15.src.rpm
i386:
bc2c9d4460476c6643ece0a3343e96a1 cyrus-sasl-2.1.15-15.i386.rpm
489d60eed4d6abd81257fab25dec0b80 cyrus-sasl-debuginfo-2.1.15-15.i386.rpm
2b570b0237173d3a7bde466c6e2fb36b cyrus-sasl-devel-2.1.15-15.i386.rpm
e98364bad26467ee25ef5d710997fb1f cyrus-sasl-gssapi-2.1.15-15.i386.rpm
fccdb8a03342b0a1640b9723f30d8b51 cyrus-sasl-md5-2.1.15-15.i386.rpm
aa119a97b280debf2cfb3c3d36fe4c60 cyrus-sasl-plain-2.1.15-15.i386.rpm
x86_64:
bc2c9d4460476c6643ece0a3343e96a1 cyrus-sasl-2.1.15-15.i386.rpm
ad14eda4c01f9f14406ee1c8b9f51c09 cyrus-sasl-2.1.15-15.x86_64.rpm
489d60eed4d6abd81257fab25dec0b80 cyrus-sasl-debuginfo-2.1.15-15.i386.rpm
5d966cf53c9b927cfdec711857358b02 cyrus-sasl-debuginfo-2.1.15-15.x86_64.rpm
0b026c8ffebc536a8254f8b3d0b3732a cyrus-sasl-devel-2.1.15-15.x86_64.rpm
e98364bad26467ee25ef5d710997fb1f cyrus-sasl-gssapi-2.1.15-15.i386.rpm
b974739f506d6079cd221b594c2f3f63 cyrus-sasl-gssapi-2.1.15-15.x86_64.rpm
fccdb8a03342b0a1640b9723f30d8b51 cyrus-sasl-md5-2.1.15-15.i386.rpm
3589053882bd022ab14839c7f24e7044 cyrus-sasl-md5-2.1.15-15.x86_64.rpm
aa119a97b280debf2cfb3c3d36fe4c60 cyrus-sasl-plain-2.1.15-15.i386.rpm
0d170fb27a78b7cf3d2f946209335593 cyrus-sasl-plain-2.1.15-15.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cyrus-sasl-2.1.15-15.src.rpm
971ba1e92e9949601bafd8f7bfb59aa1 cyrus-sasl-2.1.15-15.src.rpm
i386:
bc2c9d4460476c6643ece0a3343e96a1 cyrus-sasl-2.1.15-15.i386.rpm
489d60eed4d6abd81257fab25dec0b80 cyrus-sasl-debuginfo-2.1.15-15.i386.rpm
2b570b0237173d3a7bde466c6e2fb36b cyrus-sasl-devel-2.1.15-15.i386.rpm
e98364bad26467ee25ef5d710997fb1f cyrus-sasl-gssapi-2.1.15-15.i386.rpm
fccdb8a03342b0a1640b9723f30d8b51 cyrus-sasl-md5-2.1.15-15.i386.rpm
aa119a97b280debf2cfb3c3d36fe4c60 cyrus-sasl-plain-2.1.15-15.i386.rpm
ia64:
bc2c9d4460476c6643ece0a3343e96a1 cyrus-sasl-2.1.15-15.i386.rpm
93e177c34d38edd502093ace0818ec6c cyrus-sasl-2.1.15-15.ia64.rpm
489d60eed4d6abd81257fab25dec0b80 cyrus-sasl-debuginfo-2.1.15-15.i386.rpm
e638f877ec94eb4cbe0e95932286a89a cyrus-sasl-debuginfo-2.1.15-15.ia64.rpm
d73eb01b3b091346a3e13e16a4f3012f cyrus-sasl-devel-2.1.15-15.ia64.rpm
e98364bad26467ee25ef5d710997fb1f cyrus-sasl-gssapi-2.1.15-15.i386.rpm
a2f2c05e60a957ebd6d1366d9affad86 cyrus-sasl-gssapi-2.1.15-15.ia64.rpm
fccdb8a03342b0a1640b9723f30d8b51 cyrus-sasl-md5-2.1.15-15.i386.rpm
d33de0609bd3bdd5c915d12688de8bbf cyrus-sasl-md5-2.1.15-15.ia64.rpm
aa119a97b280debf2cfb3c3d36fe4c60 cyrus-sasl-plain-2.1.15-15.i386.rpm
627e26b0fa51c03d2a78bc9064b331c5 cyrus-sasl-plain-2.1.15-15.ia64.rpm
x86_64:
bc2c9d4460476c6643ece0a3343e96a1 cyrus-sasl-2.1.15-15.i386.rpm
ad14eda4c01f9f14406ee1c8b9f51c09 cyrus-sasl-2.1.15-15.x86_64.rpm
489d60eed4d6abd81257fab25dec0b80 cyrus-sasl-debuginfo-2.1.15-15.i386.rpm
5d966cf53c9b927cfdec711857358b02 cyrus-sasl-debuginfo-2.1.15-15.x86_64.rpm
0b026c8ffebc536a8254f8b3d0b3732a cyrus-sasl-devel-2.1.15-15.x86_64.rpm
e98364bad26467ee25ef5d710997fb1f cyrus-sasl-gssapi-2.1.15-15.i386.rpm
b974739f506d6079cd221b594c2f3f63 cyrus-sasl-gssapi-2.1.15-15.x86_64.rpm
fccdb8a03342b0a1640b9723f30d8b51 cyrus-sasl-md5-2.1.15-15.i386.rpm
3589053882bd022ab14839c7f24e7044 cyrus-sasl-md5-2.1.15-15.x86_64.rpm
aa119a97b280debf2cfb3c3d36fe4c60 cyrus-sasl-plain-2.1.15-15.i386.rpm
0d170fb27a78b7cf3d2f946209335593 cyrus-sasl-plain-2.1.15-15.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cyrus-sasl-2.1.15-15.src.rpm
971ba1e92e9949601bafd8f7bfb59aa1 cyrus-sasl-2.1.15-15.src.rpm
i386:
bc2c9d4460476c6643ece0a3343e96a1 cyrus-sasl-2.1.15-15.i386.rpm
489d60eed4d6abd81257fab25dec0b80 cyrus-sasl-debuginfo-2.1.15-15.i386.rpm
2b570b0237173d3a7bde466c6e2fb36b cyrus-sasl-devel-2.1.15-15.i386.rpm
e98364bad26467ee25ef5d710997fb1f cyrus-sasl-gssapi-2.1.15-15.i386.rpm
fccdb8a03342b0a1640b9723f30d8b51 cyrus-sasl-md5-2.1.15-15.i386.rpm
aa119a97b280debf2cfb3c3d36fe4c60 cyrus-sasl-plain-2.1.15-15.i386.rpm
ia64:
bc2c9d4460476c6643ece0a3343e96a1 cyrus-sasl-2.1.15-15.i386.rpm
93e177c34d38edd502093ace0818ec6c cyrus-sasl-2.1.15-15.ia64.rpm
489d60eed4d6abd81257fab25dec0b80 cyrus-sasl-debuginfo-2.1.15-15.i386.rpm
e638f877ec94eb4cbe0e95932286a89a cyrus-sasl-debuginfo-2.1.15-15.ia64.rpm
d73eb01b3b091346a3e13e16a4f3012f cyrus-sasl-devel-2.1.15-15.ia64.rpm
e98364bad26467ee25ef5d710997fb1f cyrus-sasl-gssapi-2.1.15-15.i386.rpm
a2f2c05e60a957ebd6d1366d9affad86 cyrus-sasl-gssapi-2.1.15-15.ia64.rpm
fccdb8a03342b0a1640b9723f30d8b51 cyrus-sasl-md5-2.1.15-15.i386.rpm
d33de0609bd3bdd5c915d12688de8bbf cyrus-sasl-md5-2.1.15-15.ia64.rpm
aa119a97b280debf2cfb3c3d36fe4c60 cyrus-sasl-plain-2.1.15-15.i386.rpm
627e26b0fa51c03d2a78bc9064b331c5 cyrus-sasl-plain-2.1.15-15.ia64.rpm
x86_64:
bc2c9d4460476c6643ece0a3343e96a1 cyrus-sasl-2.1.15-15.i386.rpm
ad14eda4c01f9f14406ee1c8b9f51c09 cyrus-sasl-2.1.15-15.x86_64.rpm
489d60eed4d6abd81257fab25dec0b80 cyrus-sasl-debuginfo-2.1.15-15.i386.rpm
5d966cf53c9b927cfdec711857358b02 cyrus-sasl-debuginfo-2.1.15-15.x86_64.rpm
0b026c8ffebc536a8254f8b3d0b3732a cyrus-sasl-devel-2.1.15-15.x86_64.rpm
e98364bad26467ee25ef5d710997fb1f cyrus-sasl-gssapi-2.1.15-15.i386.rpm
b974739f506d6079cd221b594c2f3f63 cyrus-sasl-gssapi-2.1.15-15.x86_64.rpm
fccdb8a03342b0a1640b9723f30d8b51 cyrus-sasl-md5-2.1.15-15.i386.rpm
3589053882bd022ab14839c7f24e7044 cyrus-sasl-md5-2.1.15-15.x86_64.rpm
aa119a97b280debf2cfb3c3d36fe4c60 cyrus-sasl-plain-2.1.15-15.i386.rpm
0d170fb27a78b7cf3d2f946209335593 cyrus-sasl-plain-2.1.15-15.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFG3XV1XlSAg2UNWIIRAppTAJ9pRNVqcsitnmhkEtD9vzAtC9pTdgCdFYXh
/E1GdkCAo8MLLdAkVN6pclQ=
=qssv
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRt3wXih9+71yA2DNAQIcmwP/bFF2Tw3XaEOi1FtD0E+z91aXAhk+0A/n
nlfFUKZX3MTfxSCeGA48reg/KxXraQSPhhkl4iRUdXh0kW9KutBCzeP6d7HDNa5N
L4oXmso3JwCEbYm+D4ngkisbfbTp99q0/mKWLcE/pa9l7bOaUprPeM/+HGu1gcXk
LKtRSPeckzo=
=86Tt
-----END PGP SIGNATURE-----