User: Password:
|
|
Subscribe / Log in / New account

Mandrake alert MDKSA-2005:054 (cyrus-sasl)

From:  Mandrakelinux Security Team <security@linux-mandrake.com>
To:  security-announce@linux-mandrake.com
Subject:  [Security Announce] MDKSA-2005:054 - Updated cyrus-sasl packages fix vulnerability
Date:  Tue, 15 Mar 2005 16:19:08 -0700

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandrakelinux Security Update Advisory _______________________________________________________________________ Package name: cyrus-sasl Advisory ID: MDKSA-2005:054 Date: March 15th, 2005 Affected versions: 10.0, Corporate 3.0 ______________________________________________________________________ Problem Description: A buffer overflow was discovered in cyrus-sasl's digestmd5 code. This could lead to a remote attacker executing code in the context of the service using SASL authentication. This vulnerability was fixed upstream in version 2.1.19. The updated packages are patched to deal with this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0373 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.0: c965657c81701b081fee1a96da4d01a4 10.0/RPMS/cyrus-sasl-2.1.15-10.2.100mdk.i586.rpm c2933e9b68c42a5496b12812d9899a6c 10.0/RPMS/libsasl2-2.1.15-10.2.100mdk.i586.rpm a127e8480ad3decc7235cf3a1115abc2 10.0/RPMS/libsasl2-devel-2.1.15-10.2.100mdk.i586.rpm 13846d2883187f58d0d2f8b6b0f38e1d 10.0/RPMS/libsasl2-plug-anonymous-2.1.15-10.2.100mdk.i586.rpm 6de10ba00aade07c66e97c1a4d092a12 10.0/RPMS/libsasl2-plug-crammd5-2.1.15-10.2.100mdk.i586.rpm bf48f500c3e1620107ae0da33c1bf80d 10.0/RPMS/libsasl2-plug-digestmd5-2.1.15-10.2.100mdk.i586.rpm 397316f4f40bd527023a1b16f84cef79 10.0/RPMS/libsasl2-plug-gssapi-2.1.15-10.2.100mdk.i586.rpm c319d819b12fa73b0542775eedc3e88e 10.0/RPMS/libsasl2-plug-login-2.1.15-10.2.100mdk.i586.rpm d952125ee7b241fc4d25278f542208f6 10.0/RPMS/libsasl2-plug-ntlm-2.1.15-10.2.100mdk.i586.rpm 7637c809edf6b7f7d4b2e489a52209e8 10.0/RPMS/libsasl2-plug-otp-2.1.15-10.2.100mdk.i586.rpm b3a33d07209d28b2059adba1efddcc26 10.0/RPMS/libsasl2-plug-plain-2.1.15-10.2.100mdk.i586.rpm 82f3297fcbe19a766fcdbb445787d400 10.0/RPMS/libsasl2-plug-sasldb-2.1.15-10.2.100mdk.i586.rpm 10436f6c81cf89d6f9cdc8a6b96f35e8 10.0/RPMS/libsasl2-plug-srp-2.1.15-10.2.100mdk.i586.rpm 0ea10d6b7a558b5261643628afe6cb51 10.0/SRPMS/cyrus-sasl-2.1.15-10.2.100mdk.src.rpm Mandrakelinux 10.0/AMD64: 8e9dbf93cb8c802885b66e3239eea41a amd64/10.0/RPMS/cyrus-sasl-2.1.15-10.2.100mdk.amd64.rpm 16f2942eb0b01de2c537074276d187d4 amd64/10.0/RPMS/lib64sasl2-2.1.15-10.2.100mdk.amd64.rpm d9e2132fcea107e1cb000ff839ba41d7 amd64/10.0/RPMS/lib64sasl2-devel-2.1.15-10.2.100mdk.amd64.rpm 4c98fc6d9e0c5d47fe5579fda042513b amd64/10.0/RPMS/lib64sasl2-plug-anonymous-2.1.15-10.2.100mdk.amd64.rpm f0ff3fa8911def573fbce23d8a0087b9 amd64/10.0/RPMS/lib64sasl2-plug-crammd5-2.1.15-10.2.100mdk.amd64.rpm 5551007c97bde6ed70669afe2edf6e51 amd64/10.0/RPMS/lib64sasl2-plug-digestmd5-2.1.15-10.2.100mdk.amd64.rpm 76dc167feea4115465df02f994a8c13d amd64/10.0/RPMS/lib64sasl2-plug-gssapi-2.1.15-10.2.100mdk.amd64.rpm 8cca7287a249c57a7df00dcb5f69fe2e amd64/10.0/RPMS/lib64sasl2-plug-login-2.1.15-10.2.100mdk.amd64.rpm fcc7a47163ec36c74de45c6cef3a8a95 amd64/10.0/RPMS/lib64sasl2-plug-ntlm-2.1.15-10.2.100mdk.amd64.rpm 47a65ffc42afb7bc8ad169e2040037c1 amd64/10.0/RPMS/lib64sasl2-plug-otp-2.1.15-10.2.100mdk.amd64.rpm 86ce6aa9fee0a58e91473fd857780f7d amd64/10.0/RPMS/lib64sasl2-plug-plain-2.1.15-10.2.100mdk.amd64.rpm 097aba79c22d4cf3651715aa81599347 amd64/10.0/RPMS/lib64sasl2-plug-sasldb-2.1.15-10.2.100mdk.amd64.rpm 817b5efbe462906f98417c961fb9ddb4 amd64/10.0/RPMS/lib64sasl2-plug-srp-2.1.15-10.2.100mdk.amd64.rpm 0ea10d6b7a558b5261643628afe6cb51 amd64/10.0/SRPMS/cyrus-sasl-2.1.15-10.2.100mdk.src.rpm Corporate 3.0: 9430016037f143ccd95783a2ae838b60 corporate/3.0/RPMS/cyrus-sasl-2.1.15-10.2.C30mdk.i586.rpm f7ba0882813eff2368f961d512cebc05 corporate/3.0/RPMS/libsasl2-2.1.15-10.2.C30mdk.i586.rpm 4962b88c78bd0d587e10d07bf0dce5a8 corporate/3.0/RPMS/libsasl2-devel-2.1.15-10.2.C30mdk.i586.rpm e4c3b30a807fa116657c63cd6c2384a5 corporate/3.0/RPMS/libsasl2-plug-anonymous-2.1.15-10.2.C30mdk.i586.rpm b556f8bb89893f2e442002e040aeb2c6 corporate/3.0/RPMS/libsasl2-plug-crammd5-2.1.15-10.2.C30mdk.i586.rpm c3eda3cc2b77098f192fbd43b5087a3f corporate/3.0/RPMS/libsasl2-plug-digestmd5-2.1.15-10.2.C30mdk.i586.rpm 90b468d8bf576532529a37eaf630a150 corporate/3.0/RPMS/libsasl2-plug-gssapi-2.1.15-10.2.C30mdk.i586.rpm 7bc65bb2eaed577f2faf01b82f0b20e0 corporate/3.0/RPMS/libsasl2-plug-login-2.1.15-10.2.C30mdk.i586.rpm 0250d76b422f047afc3e9613d067cf8b corporate/3.0/RPMS/libsasl2-plug-ntlm-2.1.15-10.2.C30mdk.i586.rpm cc6a94f26ea6b5351ecd4c389b6abf47 corporate/3.0/RPMS/libsasl2-plug-otp-2.1.15-10.2.C30mdk.i586.rpm 9f81be183209e69059287098c90dd28b corporate/3.0/RPMS/libsasl2-plug-plain-2.1.15-10.2.C30mdk.i586.rpm 51b7cde7664b0f9bc6b7cc71cbddbf9c corporate/3.0/RPMS/libsasl2-plug-sasldb-2.1.15-10.2.C30mdk.i586.rpm 9a799ea09b1b4469bb95d543a661d3ec corporate/3.0/RPMS/libsasl2-plug-srp-2.1.15-10.2.C30mdk.i586.rpm f34c98de51085359bdaaaea619e7c735 corporate/3.0/SRPMS/cyrus-sasl-2.1.15-10.2.C30mdk.src.rpm Corporate 3.0/X86_64: 25582eb4340f4b85d82e3d9c0fcc03f7 x86_64/corporate/3.0/RPMS/cyrus-sasl-2.1.15-10.2.C30mdk.x86_64.rpm d7e42e6022d8f490f9b4d0df80334c05 x86_64/corporate/3.0/RPMS/lib64sasl2-2.1.15-10.2.C30mdk.x86_64.rpm a7e1ee54704b52a23eb52a5426e669aa x86_64/corporate/3.0/RPMS/lib64sasl2-devel-2.1.15-10.2.C30mdk.x86_64.rpm d5479403c2e037a61ea2f98ec115f705 x86_64/corporate/3.0/RPMS/lib64sasl2-plug-anonymous-2.1.15-10.2.C30mdk.x86_64.rpm 807df45e6f0940aca1afb8a4f1799649 x86_64/corporate/3.0/RPMS/lib64sasl2-plug-crammd5-2.1.15-10.2.C30mdk.x86_64.rpm 0f8a19b4a3d018d1284361c9d01bc22d x86_64/corporate/3.0/RPMS/lib64sasl2-plug-digestmd5-2.1.15-10.2.C30mdk.x86_64.rpm 96998110c98470af995f3e5bd95c8e1d x86_64/corporate/3.0/RPMS/lib64sasl2-plug-gssapi-2.1.15-10.2.C30mdk.x86_64.rpm 880706198b6af174b944e8d133fcdaad x86_64/corporate/3.0/RPMS/lib64sasl2-plug-login-2.1.15-10.2.C30mdk.x86_64.rpm 00758faa06b98f406d41638e403e3adc x86_64/corporate/3.0/RPMS/lib64sasl2-plug-ntlm-2.1.15-10.2.C30mdk.x86_64.rpm 9cbed477e4af016a6226395a8a74806f x86_64/corporate/3.0/RPMS/lib64sasl2-plug-otp-2.1.15-10.2.C30mdk.x86_64.rpm 9758e8c5fa232f42c5137634bf5111c8 x86_64/corporate/3.0/RPMS/lib64sasl2-plug-plain-2.1.15-10.2.C30mdk.x86_64.rpm 6b39c3d16308992604499b6927d7831f x86_64/corporate/3.0/RPMS/lib64sasl2-plug-sasldb-2.1.15-10.2.C30mdk.x86_64.rpm e275c19f5d19a4e06ec8982299fef72e x86_64/corporate/3.0/RPMS/lib64sasl2-plug-srp-2.1.15-10.2.C30mdk.x86_64.rpm f34c98de51085359bdaaaea619e7c735 x86_64/corporate/3.0/SRPMS/cyrus-sasl-2.1.15-10.2.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandrakelinux at: http://www.mandrakesoft.com/security/advisories If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCN21smqjQ0CJFipgRAp4HAKDv8A/VP0ELYPhjOvIVYz7JvKDPhwCfQrfk /0SZI6W0Fh2orgdFpUsN0A0= =5CnM -----END PGP SIGNATURE----- ____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds