-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                         ESB-2009.0519 -- [Debian]
                    Cyrus-sasl: Execute Arbitrary Code
                                2 June 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              cyrus-sasl2, cyrus-sasl2-heimdal
Publisher:            Debian
Operating System:     Debian GNU/Linux 5.0
Impact:               Execute Arbitrary Code/Commands
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2009-0688

Ref:                  AL-2009.0040
                      ESB-2009.0474

Original Bulletin:    http://www.debian.org/security/2009/dsa-1807

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA-1807-1                    security@debian.org
http://www.debian.org/security/                                 Nico Golde
June 1st, 2009                          http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : cyrus-sasl2, cyrus-sasl2-heimdal
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
Debian bug     : 528749
CERT advisory  : VU#238019
CVE ID         : CVE-2009-0688

James Ralston discovered that the sasl_encode64() function of cyrus-sasl2,
a free library implementing the Simple Authentication and Security Layer,
does not null-terminate its output in certain situations.  This causes
several buffer overflows in places where cyrus-sasl2 itself requires
the string to be null-terminated, which can lead to denial of service or
arbitrary code execution.

Important notice (Quoting from US-CERT):
While this patch will fix currently vulnerable code, it can cause
non-vulnerable existing code to break. Here's a function prototype from
include/saslutil.h to clarify my explanation:

/* base64 encode
 *  in      -- input data
 *  inlen   -- input data length
 *  out     -- output buffer (will be NUL terminated)
 *  outmax  -- max size of output buffer
 * result:
 *  outlen  -- gets actual length of output buffer (optional)
 *
 * Returns SASL_OK on success, SASL_BUFOVER if result won't fit
 */
LIBSASL_API int sasl_encode64(const char *in, unsigned inlen,
                              char *out, unsigned outmax,
                              unsigned *outlen);

Assume a scenario where calling code has been written in such a way that it
calculates the exact size required for base64 encoding in advance, then
allocates a buffer of that exact size, passing a pointer to the buffer into
sasl_encode64() as *out. As long as this code does not anticipate that the
buffer is NUL-terminated (does not call any string-handling functions like
strlen(), for example) the code will work and it will not be vulnerable.

Once this patch is applied, that same code will break because sasl_encode64()
will begin to return SASL_BUFOVER.
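
The breakage described in the notice above, as an added C example that is
not part of the advisory or of cyrus-sasl2. model_encode64(), its
require_nul switch, the EX_* codes and both callers are hypothetical names
that model the documented contract of sasl_encode64(); nothing here calls
the real library.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result codes local to this example (stand-ins for SASL_OK / SASL_BUFOVER). */
enum { EX_OK = 0, EX_BUFOVER = -3 };

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Base64 characters produced for inlen input bytes, terminator not included. */
unsigned b64_len(unsigned inlen) { return (inlen + 2) / 3 * 4; }

/* Model of the documented contract, not the library source.
 * require_nul == 0: old behaviour as described in the notice; an exact-fit
 *                   buffer is accepted and the output gets no terminator.
 * require_nul != 0: patched behaviour; the terminator must fit, otherwise the
 *                   call fails with EX_BUFOVER before anything is written. */
int model_encode64(const char *in, unsigned inlen, char *out, unsigned outmax,
                   unsigned *outlen, int require_nul)
{
    const unsigned char *p = (const unsigned char *)in;
    unsigned need, i, o = 0;

    if (inlen > (UINT_MAX - 3) / 4 * 3)      /* length arithmetic would wrap */
        return EX_BUFOVER;
    need = b64_len(inlen);
    if (outlen)
        *outlen = need;
    if (outmax < need + (require_nul ? 1u : 0u))
        return EX_BUFOVER;

    for (i = 0; i + 2 < inlen; i += 3) {     /* full 3-byte groups */
        out[o++] = B64[p[i] >> 2];
        out[o++] = B64[((p[i] & 0x03) << 4) | (p[i + 1] >> 4)];
        out[o++] = B64[((p[i + 1] & 0x0f) << 2) | (p[i + 2] >> 6)];
        out[o++] = B64[p[i + 2] & 0x3f];
    }
    if (i < inlen) {                         /* 1 or 2 trailing bytes */
        int two = (i + 1 < inlen);
        unsigned b1 = two ? p[i + 1] : 0;
        out[o++] = B64[p[i] >> 2];
        out[o++] = B64[((p[i] & 0x03) << 4) | (b1 >> 4)];
        out[o++] = two ? B64[(b1 & 0x0f) << 2] : '=';
        out[o++] = '=';
    }
    if (o < outmax)                          /* only when there is room */
        out[o] = '\0';
    return EX_OK;
}

/* Caller pattern from the notice: the buffer is exactly b64_len(inlen) bytes.
 * Returns the encoder's result code. If terminated is non-NULL it is set to 1
 * only when the call succeeded and a NUL lies inside the buffer. */
int exact_size_caller(const char *in, unsigned inlen, int patched,
                      int *terminated)
{
    unsigned need = b64_len(inlen);
    char *buf = malloc(need ? need : 1);
    int rc;

    if (terminated)
        *terminated = 0;
    if (!buf)
        return EX_BUFOVER;
    rc = model_encode64(in, inlen, buf, need, NULL, patched);
    if (rc == EX_OK && terminated)
        *terminated = memchr(buf, '\0', need) != NULL;
    /* Without a terminator, strlen(buf) here would read past the allocation. */
    free(buf);
    return rc;
}

/* Corrected caller: reserve one byte for the terminator and check the result.
 * Returns a NUL-terminated heap string, or NULL on failure. A wrapped length
 * is rejected by the guard inside model_encode64(). */
char *encode_alloc(const char *in, unsigned inlen)
{
    unsigned need = b64_len(inlen);
    char *buf = malloc((size_t)need + 1);

    if (buf && model_encode64(in, inlen, buf, need + 1, NULL, 1) != EX_OK) {
        free(buf);
        buf = NULL;
    }
    return buf;
}

int main(void)
{
    int term = 0;
    char *s;

    printf("old model, exact buffer:     rc=%d\n",
           exact_size_caller("foobar", 6, 0, &term));
    printf("  terminator inside buffer:  %s\n", term ? "yes" : "no");
    printf("patched model, exact buffer: rc=%d\n",
           exact_size_caller("foobar", 6, 1, &term));
    s = encode_alloc("foobar", 6);
    printf("buffer of b64_len()+1:       %s\n", s ? s : "(failed)");
    free(s);
    return 0;
}
```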


For the oldstable distribution (etch), this problem will be fixed soon.

For the stable distribution (lenny), this problem has been fixed in
version 2.1.22.dfsg1-23+lenny1 of cyrus-sasl2 and cyrus-sasl2-heimdal.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 2.1.23.dfsg1-1 of cyrus-sasl2 and cyrus-sasl2-heimdal.


We recommend that you upgrade your cyrus-sasl2/cyrus-sasl2-heimdal packages.

Upgrade instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- - --------------------------------

Debian (stable)
- - ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, 
mips, mipsel, powerpc, s390 and sparc.


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkojzKIACgkQHYflSXNkfP8X4QCdFIZfAWStsWeHaU/VPvslWafO
cOQAniJfVdsiGmjL2V+VHffEeQJF5j5A
=SHqc
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD4DBQFKJHjhNVH5XJJInbgRAnsDAJYzgzyWTNXnQN/5x2jB46Ybb7nxAJ0Qiwcx
ZLnb6xyZE+NDDCMG+hdVzQ==
=r0Sf
-----END PGP SIGNATURE-----