User: Password:
|
|
Subscribe / Log in / New account

Debian alert DSA-1042-1 (cyrus-sasl2)

From:  joey@infodrom.org (Martin Schulze)
To:  debian-security-announce@lists.debian.org (Debian Security Announcements)
Subject:  [SECURITY] [DSA 1042-1] New Cyrus SASL packages fix denial of service
Date:  Tue, 25 Apr 2006 19:35:50 +0200 (CEST)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1042-1 security@debian.org http://www.debian.org/security/ Martin Schulze April 25th, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : cyrus-sasl2 Vulnerability : programming error Problem type : remote Debian-specific: no CVE ID : CVE-2006-1721 BugTraq ID : 17446 Debian Bug : 361937 The Mu Security research team discovered a denial of service condition in the Simple Authentication and Security Layer authentication library (SASL) during DIGEST-MD5 negotiation. This potentially affects multiple products that use SASL DIGEST-MD5 authentication including OpenLDAP, Sendmail, Postfix, etc. The old stable distribution (woody) is not affected by this problem. For the stable distribution (sarge) this problem has been fixed in version 2.1.19-1.5sarge1. For the unstable distribution (sid) this problem has been fixed in version 2.1.19.dfsg1-0.2. We recommend that you upgrade your cyrus-sasl2 packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 1120 ec157beb1833036fd69e1d4ce8fda6fe http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 31691 e0b3e61f2e6c67b580280b52f68bc2c5 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 1531667 670f9a0c0a99cf09d679cd5c859a3715 Alpha architecture: http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 277710 84af7feeb9a25d866b9f3d8fe72da959 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 302280 ba5941366cae17028869a4d61a11ecd7 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 218568 34fc9ff869fd10e3017516e61a9fb576 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 62528 d1ab909a0132fa1c809c8f18ea9e2e13 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 63634 83ff3877993d77444a5c19f1f34eafc8 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 59818 93906682632e07771cd3e534dd4a9596 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 128948 8b5d55da1d3ce970b074809c1022c577 AMD64 architecture: http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 264912 a58a7a16b08d0b7c1123b337a9f50e9a http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 258922 03d3660a31f00a448a95f265c5c376f7 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 171340 772cf2196a1f1c10e4ab655c3db75e75 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 54642 6a8d8844d3fdf4ed907037efe423b6cb http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 54304 71fb9d1f3cad979bb3e752d8e57c616a http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 52636 9cb4860537835b99c8869f4623e7be49 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 117754 8477190f7629a53205de940133af7b2c ARM architecture: http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 259912 782d897e4b30330b8a74b78d5c6ea3aa http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 258648 16aa2003619e2a98f92b04ad23de6853 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 159558 a2ac42639f3169d322a72946ad9102f3 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 54000 2b343e405b32e22a62aa78393c1b512e http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 52874 b478eeba34a49707c6fad085d969e7b0 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 51706 f6db6f3f11bd8dc8ebc222098b477a6d http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 112084 1444944cf0446dff17da9e5fa0ef56c3 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 259876 e6cc8a7e3239915675309e5008f35ec5 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 246848 f2fbaa545347aed2508037f88a4c8385 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 156428 ec8ee01062efdfa84743e3bb02cbf00b http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 53460 30d9172803255a24c1a4878aed1bbf9d http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 53120 1330bd6ab5dce0296ce7cc7dc4b71aa5 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 52480 2e65f736d78e55fc2339a6d3d7e6043c http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 113298 7400189677cd72b56bf906af823ea6b8 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 297716 cc67d33162283258095da9f0865fe831 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 319142 c4205ec75d76125ea7c8457207d030c0 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 242876 109fdc9c9c894bf79ec8cd378013cf8d http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 68280 8029fcdb3edc6dd81f3276e9b05c468f http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 67812 274b3e33684a5640d7a62b59a8b82d0f http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 64588 6f842207609383ff9dda5b2e38d3d876 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 148398 2873994829bd42aeb5a09c70a47674a8 HP Precision architecture: http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 273092 a04179c5abd2e520bd89a4c5fa92ab66 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 276150 d6969caaf5f5779176c18e1506274700 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 210004 5c638798cada3e9b628d208f2540b324 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 57982 9f63d82d6a4777a2b059180c59186088 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 58550 e003bd74957cb63d75699b629ba7c7e8 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 57712 00b705982c0120c499e2e41907b19686 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 123150 49876b6d9cf76097550f5cb4c9f98929 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 253136 8792dba22eff19a881e50fc598591da2 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 233110 d40c27b5e6e217af4d4f574d4159d269 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 136948 127d83955edf6bc6d0021793c51509c9 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 49722 1c1ca1cf2fd22e3b978d0873b525f1c6 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 49512 a4161f57dcae5367beed0f6ed3c25dae http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 48492 5f0f98cf3a81760e86a962399ae4d400 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 105356 88d4210937fc6e1cad69ba61d3226692 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 260692 6fa8695720aaf000c5a74a1adbf9778a http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 269286 38cd6e18e4d7032d437c6e8c925ece5d http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 177830 087c0f90f9a70d9dda0e9a7c2471b99b http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 54234 cd2fb0855c15fcde65e9e294a8976a02 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 54886 8cfdd62413109cabb844f82236dd7331 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 52196 1fb746ebe9b2bec536b9846b0ddbc33a http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 126510 e4c7cf5e55459ff8e932e111b058fa28 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 260896 6918916804f2d1929b41f036358c290a http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 269964 23ee3aad5c0c2ae2f805a79289645283 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 178528 154e370f6faa5240d8c5e2d65c0fa5af http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 54442 d15b320f606ab631bc6ab6f556ddcbf1 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 55226 d7f0ced272892edbb34a13805780a035 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 52292 0b8ba7760913edfc221ae7f5935be561 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 126764 c39c40a4d4f69424764643da39453ac9 PowerPC architecture: http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 268216 9609635685078bfa80040a0842db0765 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 265048 a2c9327865d0ecfc4d579f2bc2f1c89e http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 194576 9942e421d09779f23ae98d005d5ce144 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 56322 c118f3ef8f781722ab7e5d4a3a30a26c http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 56518 97f7e147667728dedafdc93ee3860570 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 55410 a52fdbfd7f744bfafc985fea4fcbca4e http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 122102 b5dfacb789f559c96e768cecfb7d2fb5 IBM S/390 architecture: http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 265182 b6019e581e55e876242dd54b55c6627d http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 256402 171101ffa88b88a09b6806012d3521f1 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 182320 a14b25c0d38b89def63ebad809c64ee9 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 54808 46d44a75512b8f9e4bee9f62a8dfa2f6 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 54758 58ea99c844fe806bc097c789799f042d http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 53562 a2cde4aa65d96f74a2cc2b50b829d56f http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 116234 39669d2ff5f193e575d84c8a2687cf2c Sun Sparc architecture: http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 257486 016e71cb127a653139288de65cd60f0f http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 248480 c1f8b0721ec4d4a46a4ce7626881297c http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 148928 1f03dfcfd816ee0ec5fff26437d93120 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 50086 0cb3c64557d94ad9a1baf27986fe123e http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 50700 16b516a04caa6574fa5d48859af3d71d http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 50186 7f2d18aa1627d1ef06c956a4236f1f90 http://security.debian.org/pool/updates/main/c/cyrus-sasl... Size/MD5 checksum: 111594 373066473523fa54aab6cb36235450da These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFETl32W5ql+IAeqTIRAmg/AJ9TiVkfPMCm0oi06LgfCRHfLC/RXwCcDeE8 M/J+RZ2vh6RQ8eFsFxgoTaY= =1iBO -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


(Log in to post comments)


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds