
Mandriva alert MDKSA-2006:073 (cyrus-sasl)

From:  security@mandriva.com
To:  security-announce@mandrivalinux.org
Subject:  [Security Announce] [ MDKSA-2006:073 ] - Updated cyrus-sasl packages addresses vulnerability
Date:  Mon, 24 Apr 2006 15:38:56 -0600

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2006:073
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cyrus-sasl
 Date    : April 24, 2006
 Affected: 10.2, Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability in the CMU Cyrus Simple Authentication and Security
 Layer (SASL) library < 2.1.21, has an unknown impact and remote
 unauthenticated attack vectors, related to DIGEST-MD5 negotiation. In
 practice, Marcus Meissner found it is possible to crash the cyrus-imapd
 daemon with a carefully crafted communication that leaves out
 "realm=..." in the reply or the initial server response.

 Updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721
 _______________________________________________________________________

 Updated Packages:

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
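The advisory ties the crash to a DIGEST-MD5 message that omits "realm=...". The following is an added example, not code from the advisory or from Cyrus SASL: a directive parser that treats realm as optional and substitutes the empty string when it is absent, as RFC 2831 specifies. The names `get_directive` and `get_realm` are hypothetical and the sample messages are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <ctype.h>
/* Constructed sample digest-response strings (not captured traffic). */
static const char WITH_REALM[] = "username=\"chris\",realm=\"example.com\",nonce=\"abc\",nc=00000001";
static const char NO_REALM[]   = "username=\"chris\",nonce=\"abc\",nc=00000001";

/* Copy directive `name` into out. Returns 1 found, 0 absent, -1 malformed/too long. */
static int get_directive(const char *msg, const char *name, char *out, size_t outlen)
{
    size_t n = 0, nlen = strlen(name);
    const char *p = msg;
    if (outlen == 0) return -1;
    while (*p) {
        while (*p == ',' || isspace((unsigned char)*p)) p++;
        if (!*p) break;
        const char *key = p;
        while (*p && *p != '=' && *p != ',') p++;
        if (*p != '=') return -1;                  /* key with no value */
        int match = ((size_t)(p - key) == nlen && strncasecmp(key, name, nlen) == 0);
        int quoted = (*++p == '"');
        if (quoted) p++;
        while (*p && *p != (quoted ? '"' : ',')) {
            if (quoted && *p == '\\' && p[1]) p++; /* quoted-pair */
            if (match && n + 1 >= outlen) return -1; /* value would overflow out */
            if (match) out[n++] = *p;
            p++;
        }
        if (quoted && *p++ != '"') return -1;      /* unterminated quote */
        if (match) { out[n] = '\0'; return 1; }
    }
    return 0;
}

/* Absent realm becomes "" (RFC 2831), so callers never see an unset value. */
static int get_realm(const char *msg, char *realm, size_t len)
{
    int rc = get_directive(msg, "realm", realm, len);
    if (rc == 0) realm[0] = '\0';
    return rc;
}
int main(void)
{
    char a[64], b[64];
    int ra = get_realm(WITH_REALM, a, sizeof a), rb = get_realm(NO_REALM, b, sizeof b);
    printf("%d \"%s\"\n%d \"%s\"\n", ra, a, rb, b);
    return 0;
}
```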



