MDKSA-2004:106 - Updated cyrus-sasl packages fix local vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: cyrus-sasl
Advisory ID: MDKSA-2004:106
Date: October 7th, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
A vulnerability was discovered in the libsasl library of cyrus-sasl.
libsasl honors the SASL_PATH environment variable blindly, which
could allow a local user to create a malicious "library" that would
get executed with the effective ID of SASL when anything calls
libsasl.
The provided packages are patched to protect against this
vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0884
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
5e5d9e126e0bf03a9c7dc7def1213c4e
10.0/RPMS/cyrus-sasl-2.1.15-10.1.100mdk.i586.rpm
8562e1d0be93b26ea84d0b025644cea1
10.0/RPMS/libsasl2-2.1.15-10.1.100mdk.i586.rpm
533a72fdd6edc830d9217dd984da3aac
10.0/RPMS/libsasl2-devel-2.1.15-10.1.100mdk.i586.rpm
d736f6e8f20741c34e95637d43486471
10.0/RPMS/libsasl2-plug-anonymous-2.1.15-10.1.100mdk.i586.rpm
b62cd043af5fa4dac25c3789b66849c5
10.0/RPMS/libsasl2-plug-crammd5-2.1.15-10.1.100mdk.i586.rpm
e588f90d705706d284a6688dd4b9b136
10.0/RPMS/libsasl2-plug-digestmd5-2.1.15-10.1.100mdk.i586.rpm
1f6c4d7f481b6ff91b8d614648e98be5
10.0/RPMS/libsasl2-plug-gssapi-2.1.15-10.1.100mdk.i586.rpm
286f311f343c2f21df4c9fbfd6809d79
10.0/RPMS/libsasl2-plug-login-2.1.15-10.1.100mdk.i586.rpm
eaea38b6454677074aff221769a06ee1
10.0/RPMS/libsasl2-plug-ntlm-2.1.15-10.1.100mdk.i586.rpm
7e48e4c3631c7017a6eb492d09b2a10f
10.0/RPMS/libsasl2-plug-otp-2.1.15-10.1.100mdk.i586.rpm
da6cc786bda3e4e297c753708fa25d45
10.0/RPMS/libsasl2-plug-plain-2.1.15-10.1.100mdk.i586.rpm
555eab832bf1b6e6a230a896542475c1
10.0/RPMS/libsasl2-plug-sasldb-2.1.15-10.1.100mdk.i586.rpm
0c2992258fcea6a83a1a421f2e8bcb57
10.0/RPMS/libsasl2-plug-srp-2.1.15-10.1.100mdk.i586.rpm
efdc07d417c7ebba707bc7bd5b13f829
10.0/SRPMS/cyrus-sasl-2.1.15-10.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
74fff1da23dab6e2ea936663bde4754f
amd64/10.0/RPMS/cyrus-sasl-2.1.15-10.1.100mdk.amd64.rpm
4ae7d79a0035264b4991844061155b22
amd64/10.0/RPMS/lib64sasl2-2.1.15-10.1.100mdk.amd64.rpm
ec042bcd47406ce77ca6270baaa3e30d
amd64/10.0/RPMS/lib64sasl2-devel-2.1.15-10.1.100mdk.amd64.rpm
90bf0467dd3a84ad4bda4191e7beeda6
amd64/10.0/RPMS/lib64sasl2-plug-anonymous-2.1.15-10.1.100mdk.amd64.rpm
0b592508b84e2b59c6d92b67bc9acc7d
amd64/10.0/RPMS/lib64sasl2-plug-crammd5-2.1.15-10.1.100mdk.amd64.rpm
6c165b6f5a153268c090bf48867e1c16
amd64/10.0/RPMS/lib64sasl2-plug-digestmd5-2.1.15-10.1.100mdk.amd64.rpm
80cc5dc58b8096708f136b26707a9979
amd64/10.0/RPMS/lib64sasl2-plug-gssapi-2.1.15-10.1.100mdk.amd64.rpm
e31d97544c17cf3627c96ba30bab4566
amd64/10.0/RPMS/lib64sasl2-plug-login-2.1.15-10.1.100mdk.amd64.rpm
c2cf0e4bf0a16bfa0f12804a38d72086
amd64/10.0/RPMS/lib64sasl2-plug-ntlm-2.1.15-10.1.100mdk.amd64.rpm
adc938ecf528ec25ce15a42eaa0b42cc
amd64/10.0/RPMS/lib64sasl2-plug-otp-2.1.15-10.1.100mdk.amd64.rpm
c1ea1fbea28db51ab5dc79ccd515c3ac
amd64/10.0/RPMS/lib64sasl2-plug-plain-2.1.15-10.1.100mdk.amd64.rpm
cafbef0aa82c2a38cfcac103931536fe
amd64/10.0/RPMS/lib64sasl2-plug-sasldb-2.1.15-10.1.100mdk.amd64.rpm
21cc68617893b2d63b3b0afc466c09b9
amd64/10.0/RPMS/lib64sasl2-plug-srp-2.1.15-10.1.100mdk.amd64.rpm
efdc07d417c7ebba707bc7bd5b13f829
amd64/10.0/SRPMS/cyrus-sasl-2.1.15-10.1.100mdk.src.rpm
Corporate Server 2.1:
66cb444f56bb4217df77428198527b7f
corporate/2.1/RPMS/cyrus-sasl-1.5.27-5.1.C21mdk.i586.rpm
ad6d0411ebddc8f0c760297cfd20c282
corporate/2.1/RPMS/libsasl7-1.5.27-5.1.C21mdk.i586.rpm
20a039725daa6aa3a8e4140922b1a123
corporate/2.1/RPMS/libsasl7-devel-1.5.27-5.1.C21mdk.i586.rpm
9a16c82b1de4fbaccc370e26764620ec
corporate/2.1/RPMS/libsasl7-plug-anonymous-1.5.27-5.1.C21mdk.i586.rpm
798328f930b8262188e745fcfbd7cb43
corporate/2.1/RPMS/libsasl7-plug-crammd5-1.5.27-5.1.C21mdk.i586.rpm
227b3b14966c940870415ed8e1590dc8
corporate/2.1/RPMS/libsasl7-plug-digestmd5-1.5.27-5.1.C21mdk.i586.rpm
c17b0582d7bfcc49feaf98a9650458fc
corporate/2.1/RPMS/libsasl7-plug-login-1.5.27-5.1.C21mdk.i586.rpm
455d4ae2174dad7622337bf2531e012f
corporate/2.1/RPMS/libsasl7-plug-plain-1.5.27-5.1.C21mdk.i586.rpm
a3ea8b441b6454eda5dbf4e9f7a0e126
corporate/2.1/SRPMS/cyrus-sasl-1.5.27-5.1.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
d00de6225fcc2afb91ea13017738de9a
x86_64/corporate/2.1/RPMS/cyrus-sasl-1.5.27-5.1.C21mdk.x86_64.rpm
49bd78a963695b794cc5f0a7d8285447
x86_64/corporate/2.1/RPMS/libsasl7-1.5.27-5.1.C21mdk.x86_64.rpm
44c9864023686e7f4f492a4ac2e0fe53
x86_64/corporate/2.1/RPMS/libsasl7-devel-1.5.27-5.1.C21mdk.x86_64.rpm
7d90d8f1ce6e5874996c048676a73ecd
x86_64/corporate/2.1/RPMS/libsasl7-plug-anonymous-1.5.27-5.1.C21mdk.x86_64.rpm
f8dc759136397b2444baa4f4233c07ae
x86_64/corporate/2.1/RPMS/libsasl7-plug-crammd5-1.5.27-5.1.C21mdk.x86_64.rpm
9d91a8842db34d9e4486736007e459c4
x86_64/corporate/2.1/RPMS/libsasl7-plug-digestmd5-1.5.27-5.1.C21mdk.x86_64.rpm
4e82d378ad868a4f24de02d31de580f6
x86_64/corporate/2.1/RPMS/libsasl7-plug-login-1.5.27-5.1.C21mdk.x86_64.rpm
7cef5720f54436d7b1af6d6c817a3a72
x86_64/corporate/2.1/RPMS/libsasl7-plug-plain-1.5.27-5.1.C21mdk.x86_64.rpm
a3ea8b441b6454eda5dbf4e9f7a0e126
x86_64/corporate/2.1/SRPMS/cyrus-sasl-1.5.27-5.1.C21mdk.src.rpm
Mandrakelinux 9.2:
61fd385bb6c9a096d9799df48d1ee82f 9.2/RPMS/cyrus-sasl-2.1.15-4.1.92mdk.i586.rpm
3c3514ca12a7fdd2e570aa591f455e13 9.2/RPMS/libsasl2-2.1.15-4.1.92mdk.i586.rpm
6ba003f5d656d14144dc8d49083db212
9.2/RPMS/libsasl2-devel-2.1.15-4.1.92mdk.i586.rpm
f86b5496c34adc514066f37b05128cf9
9.2/RPMS/libsasl2-plug-anonymous-2.1.15-4.1.92mdk.i586.rpm
7ac83050851d59918b27ebd32f060245
9.2/RPMS/libsasl2-plug-crammd5-2.1.15-4.1.92mdk.i586.rpm
f74524d4fa09ce1c57b64b3fa8d78c28
9.2/RPMS/libsasl2-plug-digestmd5-2.1.15-4.1.92mdk.i586.rpm
66bd5dce305693ff83fac906d8856371
9.2/RPMS/libsasl2-plug-gssapi-2.1.15-4.1.92mdk.i586.rpm
32aa5d36b1f3305c68cf94f98031003f
9.2/RPMS/libsasl2-plug-login-2.1.15-4.1.92mdk.i586.rpm
6c4014739c88a866c4fbee477c619724
9.2/RPMS/libsasl2-plug-ntlm-2.1.15-4.1.92mdk.i586.rpm
fcf63deaecb78df0821c100ba2916514
9.2/RPMS/libsasl2-plug-otp-2.1.15-4.1.92mdk.i586.rpm
27d0589f02db89408ae4598f5cf36051
9.2/RPMS/libsasl2-plug-plain-2.1.15-4.1.92mdk.i586.rpm
6f3ba42ebce674dc797a042dd6377b64
9.2/RPMS/libsasl2-plug-sasldb-2.1.15-4.1.92mdk.i586.rpm
bd6a6af7f73fa380ed7b7712acced412
9.2/RPMS/libsasl2-plug-srp-2.1.15-4.1.92mdk.i586.rpm
cc2e67e7a7df460932c8c97bbf9d79b6 9.2/SRPMS/cyrus-sasl-2.1.15-4.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
e932be9d60a9990f28f0cc9514c33123
amd64/9.2/RPMS/cyrus-sasl-2.1.15-4.1.92mdk.amd64.rpm
1dda4f42fee8f8480f8a6274c533f929
amd64/9.2/RPMS/lib64sasl2-2.1.15-4.1.92mdk.amd64.rpm
e4cd66b10b8940507ed766e3bae72b38
amd64/9.2/RPMS/lib64sasl2-devel-2.1.15-4.1.92mdk.amd64.rpm
8c4426cf876b988cf8883db132497ae8
amd64/9.2/RPMS/lib64sasl2-plug-anonymous-2.1.15-4.1.92mdk.amd64.rpm
02f3fc6d31ebb7c000d7060c99e63884
amd64/9.2/RPMS/lib64sasl2-plug-crammd5-2.1.15-4.1.92mdk.amd64.rpm
a7b4c37fb6ee6bc53e315dede91e2696
amd64/9.2/RPMS/lib64sasl2-plug-digestmd5-2.1.15-4.1.92mdk.amd64.rpm
e3f1b44b40e8ad0511c814ef6d703835
amd64/9.2/RPMS/lib64sasl2-plug-gssapi-2.1.15-4.1.92mdk.amd64.rpm
f2cd6a80bdb93a4b345ac60cc9975e72
amd64/9.2/RPMS/lib64sasl2-plug-login-2.1.15-4.1.92mdk.amd64.rpm
54b04103e38be7f9ac7982044d72dd83
amd64/9.2/RPMS/lib64sasl2-plug-ntlm-2.1.15-4.1.92mdk.amd64.rpm
87d5b714dae7284efb6024ed92b83aa8
amd64/9.2/RPMS/lib64sasl2-plug-otp-2.1.15-4.1.92mdk.amd64.rpm
eb37724460418bbe7c3f24f915c97e1d
amd64/9.2/RPMS/lib64sasl2-plug-plain-2.1.15-4.1.92mdk.amd64.rpm
82470db324565a79a16401512fd01281
amd64/9.2/RPMS/lib64sasl2-plug-sasldb-2.1.15-4.1.92mdk.amd64.rpm
d2ea27f377fa52e5d651b354ebf20657
amd64/9.2/RPMS/lib64sasl2-plug-srp-2.1.15-4.1.92mdk.amd64.rpm
cc2e67e7a7df460932c8c97bbf9d79b6
amd64/9.2/SRPMS/cyrus-sasl-2.1.15-4.1.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBZZ6smqjQ0CJFipgRAqklAKCy85zvubFuHcjCjE65k1kylu25hwCgtgSu
P5+Ffklyg+/6K51R1aH92aI=
=gbCH
-----END PGP SIGNATURE-----