From: Mandrakelinux Security Team <security@linux-mandrake.com.>
To: [email protected]
Subject: MDKSA-2005:054 - Updated cyrus-sasl packages fix vulnerability
Message-Id: <E1DBLJc-0001CU-2P@updates.mandrakesoft.com.>
Date: Tue, 15 Mar 2005 16:19:08 -0700
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: cyrus-sasl
Advisory ID: MDKSA-2005:054
Date: March 15th, 2005
Affected versions: 10.0, Corporate 3.0
______________________________________________________________________
Problem Description:

A buffer overflow was discovered in cyrus-sasl's digestmd5 code. This
could lead to a remote attacker executing code in the context of the
service using SASL authentication. This vulnerability was fixed
upstream in version 2.1.19.

The updated packages are patched to deal with this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0373
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
c965657c81701b081fee1a96da4d01a4 10.0/RPMS/cyrus-sasl-2.1.15-10.2.100mdk.i586.rpm
c2933e9b68c42a5496b12812d9899a6c 10.0/RPMS/libsasl2-2.1.15-10.2.100mdk.i586.rpm
a127e8480ad3decc7235cf3a1115abc2 10.0/RPMS/libsasl2-devel-2.1.15-10.2.100mdk.i586.rpm
13846d2883187f58d0d2f8b6b0f38e1d 10.0/RPMS/libsasl2-plug-anonymous-2.1.15-10.2.100mdk.i586.rpm
6de10ba00aade07c66e97c1a4d092a12 10.0/RPMS/libsasl2-plug-crammd5-2.1.15-10.2.100mdk.i586.rpm
bf48f500c3e1620107ae0da33c1bf80d 10.0/RPMS/libsasl2-plug-digestmd5-2.1.15-10.2.100mdk.i586.rpm
397316f4f40bd527023a1b16f84cef79 10.0/RPMS/libsasl2-plug-gssapi-2.1.15-10.2.100mdk.i586.rpm
c319d819b12fa73b0542775eedc3e88e 10.0/RPMS/libsasl2-plug-login-2.1.15-10.2.100mdk.i586.rpm
d952125ee7b241fc4d25278f542208f6 10.0/RPMS/libsasl2-plug-ntlm-2.1.15-10.2.100mdk.i586.rpm
7637c809edf6b7f7d4b2e489a52209e8 10.0/RPMS/libsasl2-plug-otp-2.1.15-10.2.100mdk.i586.rpm
b3a33d07209d28b2059adba1efddcc26 10.0/RPMS/libsasl2-plug-plain-2.1.15-10.2.100mdk.i586.rpm
82f3297fcbe19a766fcdbb445787d400 10.0/RPMS/libsasl2-plug-sasldb-2.1.15-10.2.100mdk.i586.rpm
10436f6c81cf89d6f9cdc8a6b96f35e8 10.0/RPMS/libsasl2-plug-srp-2.1.15-10.2.100mdk.i586.rpm
0ea10d6b7a558b5261643628afe6cb51 10.0/SRPMS/cyrus-sasl-2.1.15-10.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
8e9dbf93cb8c802885b66e3239eea41a amd64/10.0/RPMS/cyrus-sasl-2.1.15-10.2.100mdk.amd64.rpm
16f2942eb0b01de2c537074276d187d4 amd64/10.0/RPMS/lib64sasl2-2.1.15-10.2.100mdk.amd64.rpm
d9e2132fcea107e1cb000ff839ba41d7 amd64/10.0/RPMS/lib64sasl2-devel-2.1.15-10.2.100mdk.amd64.rpm
4c98fc6d9e0c5d47fe5579fda042513b amd64/10.0/RPMS/lib64sasl2-plug-anonymous-2.1.15-10.2.100mdk.amd64.rpm
f0ff3fa8911def573fbce23d8a0087b9 amd64/10.0/RPMS/lib64sasl2-plug-crammd5-2.1.15-10.2.100mdk.amd64.rpm
5551007c97bde6ed70669afe2edf6e51 amd64/10.0/RPMS/lib64sasl2-plug-digestmd5-2.1.15-10.2.100mdk.amd64.rpm
76dc167feea4115465df02f994a8c13d amd64/10.0/RPMS/lib64sasl2-plug-gssapi-2.1.15-10.2.100mdk.amd64.rpm
8cca7287a249c57a7df00dcb5f69fe2e amd64/10.0/RPMS/lib64sasl2-plug-login-2.1.15-10.2.100mdk.amd64.rpm
fcc7a47163ec36c74de45c6cef3a8a95 amd64/10.0/RPMS/lib64sasl2-plug-ntlm-2.1.15-10.2.100mdk.amd64.rpm
47a65ffc42afb7bc8ad169e2040037c1 amd64/10.0/RPMS/lib64sasl2-plug-otp-2.1.15-10.2.100mdk.amd64.rpm
86ce6aa9fee0a58e91473fd857780f7d amd64/10.0/RPMS/lib64sasl2-plug-plain-2.1.15-10.2.100mdk.amd64.rpm
097aba79c22d4cf3651715aa81599347 amd64/10.0/RPMS/lib64sasl2-plug-sasldb-2.1.15-10.2.100mdk.amd64.rpm
817b5efbe462906f98417c961fb9ddb4 amd64/10.0/RPMS/lib64sasl2-plug-srp-2.1.15-10.2.100mdk.amd64.rpm
0ea10d6b7a558b5261643628afe6cb51 amd64/10.0/SRPMS/cyrus-sasl-2.1.15-10.2.100mdk.src.rpm
Corporate 3.0:
9430016037f143ccd95783a2ae838b60 corporate/3.0/RPMS/cyrus-sasl-2.1.15-10.2.C30mdk.i586.rpm
f7ba0882813eff2368f961d512cebc05 corporate/3.0/RPMS/libsasl2-2.1.15-10.2.C30mdk.i586.rpm
4962b88c78bd0d587e10d07bf0dce5a8 corporate/3.0/RPMS/libsasl2-devel-2.1.15-10.2.C30mdk.i586.rpm
e4c3b30a807fa116657c63cd6c2384a5 corporate/3.0/RPMS/libsasl2-plug-anonymous-2.1.15-10.2.C30mdk.i586.rpm
b556f8bb89893f2e442002e040aeb2c6 corporate/3.0/RPMS/libsasl2-plug-crammd5-2.1.15-10.2.C30mdk.i586.rpm
c3eda3cc2b77098f192fbd43b5087a3f corporate/3.0/RPMS/libsasl2-plug-digestmd5-2.1.15-10.2.C30mdk.i586.rpm
90b468d8bf576532529a37eaf630a150 corporate/3.0/RPMS/libsasl2-plug-gssapi-2.1.15-10.2.C30mdk.i586.rpm
7bc65bb2eaed577f2faf01b82f0b20e0 corporate/3.0/RPMS/libsasl2-plug-login-2.1.15-10.2.C30mdk.i586.rpm
0250d76b422f047afc3e9613d067cf8b corporate/3.0/RPMS/libsasl2-plug-ntlm-2.1.15-10.2.C30mdk.i586.rpm
cc6a94f26ea6b5351ecd4c389b6abf47 corporate/3.0/RPMS/libsasl2-plug-otp-2.1.15-10.2.C30mdk.i586.rpm
9f81be183209e69059287098c90dd28b corporate/3.0/RPMS/libsasl2-plug-plain-2.1.15-10.2.C30mdk.i586.rpm
51b7cde7664b0f9bc6b7cc71cbddbf9c corporate/3.0/RPMS/libsasl2-plug-sasldb-2.1.15-10.2.C30mdk.i586.rpm
9a799ea09b1b4469bb95d543a661d3ec corporate/3.0/RPMS/libsasl2-plug-srp-2.1.15-10.2.C30mdk.i586.rpm
f34c98de51085359bdaaaea619e7c735 corporate/3.0/SRPMS/cyrus-sasl-2.1.15-10.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
25582eb4340f4b85d82e3d9c0fcc03f7 x86_64/corporate/3.0/RPMS/cyrus-sasl-2.1.15-10.2.C30mdk.x86_64.rpm
d7e42e6022d8f490f9b4d0df80334c05 x86_64/corporate/3.0/RPMS/lib64sasl2-2.1.15-10.2.C30mdk.x86_64.rpm
a7e1ee54704b52a23eb52a5426e669aa x86_64/corporate/3.0/RPMS/lib64sasl2-devel-2.1.15-10.2.C30mdk.x86_64.rpm
d5479403c2e037a61ea2f98ec115f705 x86_64/corporate/3.0/RPMS/lib64sasl2-plug-anonymous-2.1.15-10.2.C30mdk.x86_64.rpm
807df45e6f0940aca1afb8a4f1799649 x86_64/corporate/3.0/RPMS/lib64sasl2-plug-crammd5-2.1.15-10.2.C30mdk.x86_64.rpm
0f8a19b4a3d018d1284361c9d01bc22d x86_64/corporate/3.0/RPMS/lib64sasl2-plug-digestmd5-2.1.15-10.2.C30mdk.x86_64.rpm
96998110c98470af995f3e5bd95c8e1d x86_64/corporate/3.0/RPMS/lib64sasl2-plug-gssapi-2.1.15-10.2.C30mdk.x86_64.rpm
880706198b6af174b944e8d133fcdaad x86_64/corporate/3.0/RPMS/lib64sasl2-plug-login-2.1.15-10.2.C30mdk.x86_64.rpm
00758faa06b98f406d41638e403e3adc x86_64/corporate/3.0/RPMS/lib64sasl2-plug-ntlm-2.1.15-10.2.C30mdk.x86_64.rpm
9cbed477e4af016a6226395a8a74806f x86_64/corporate/3.0/RPMS/lib64sasl2-plug-otp-2.1.15-10.2.C30mdk.x86_64.rpm
9758e8c5fa232f42c5137634bf5111c8 x86_64/corporate/3.0/RPMS/lib64sasl2-plug-plain-2.1.15-10.2.C30mdk.x86_64.rpm
6b39c3d16308992604499b6927d7831f x86_64/corporate/3.0/RPMS/lib64sasl2-plug-sasldb-2.1.15-10.2.C30mdk.x86_64.rpm
e275c19f5d19a4e06ec8982299fef72e x86_64/corporate/3.0/RPMS/lib64sasl2-plug-srp-2.1.15-10.2.C30mdk.x86_64.rpm
f34c98de51085359bdaaaea619e7c735 x86_64/corporate/3.0/SRPMS/cyrus-sasl-2.1.15-10.2.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCN21smqjQ0CJFipgRAp4HAKDv8A/VP0ELYPhjOvIVYz7JvKDPhwCfQrfk
/0SZI6W0Fh2orgdFpUsN0A0=
=5CnM
-----END PGP SIGNATURE-----
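
The md5 check that the advisory says MandrakeUpdate and urpmi perform automatically can be reproduced by hand for manually downloaded packages, using the "md5 path" lines under "Updated Packages". This is an added example, not part of the original advisory or of Mandrakesoft's tooling; the function names advisory_sums and verify_downloads and their file arguments are assumptions.

```sh
#!/bin/sh
# Added example (not from the advisory): check downloaded RPMs against the
# "md5 path" lines of a saved advisory text. Function names are hypothetical.

# Read advisory text on stdin, print "md5 basename" once per distinct pair.
advisory_sums() {
    awk 'NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && $2 ~ /\.rpm$/ {
        n = split($2, parts, "/")      # keep only the file name of the path
        print $1, parts[n]
    }' | sort -u
}

# verify_downloads ADVISORY DIR
# Prints OK / MISMATCH for each listed package present in DIR, and CONFLICT
# when the advisory lists one file name with two different checksums.
# Returns 1 if anything failed, 0 otherwise.
verify_downloads() {
    local advisory="$1" dir="$2" status=0 seen="" want name got
    while read -r want name; do
        [ -n "$name" ] || continue               # empty listing
        case " $seen " in
            *" $name "*) echo "CONFLICT $name"; status=1; continue ;;
        esac
        seen="$seen $name"
        [ -f "$dir/$name" ] || continue          # not downloaded, nothing to check
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK $name"
        else
            echo "MISMATCH $name"
            status=1
        fi
    done <<EOF
$(advisory_sums < "$advisory")
EOF
    return $status
}

# Usage: verify_downloads advisory.txt ./downloads
```

An MD5 match only shows that the file is the one the advisory lists; the package's GPG signature is checked separately, for example with rpm --checksig after importing the key named in the advisory.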