
MDKSA-2004:106 - Updated cyrus-sasl packages fix local vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           cyrus-sasl
 Advisory ID:            MDKSA-2004:106
 Date:                   October 7th, 2004

 Affected versions:      10.0, 9.2, Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 A vulnerability was discovered in the libsasl library of cyrus-sasl.
 libsasl honors the SASL_PATH environment variable blindly, which
 could allow a local user to create a malicious "library" that would
 get executed with the effective ID of SASL when anything calls
 libsasl.
 
 The provided packages are patched to protect against this
 vulnerability.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0884
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 5e5d9e126e0bf03a9c7dc7def1213c4e  10.0/RPMS/cyrus-sasl-2.1.15-10.1.100mdk.i586.rpm
 8562e1d0be93b26ea84d0b025644cea1  10.0/RPMS/libsasl2-2.1.15-10.1.100mdk.i586.rpm
 533a72fdd6edc830d9217dd984da3aac  10.0/RPMS/libsasl2-devel-2.1.15-10.1.100mdk.i586.rpm
 d736f6e8f20741c34e95637d43486471  10.0/RPMS/libsasl2-plug-anonymous-2.1.15-10.1.100mdk.i586.rpm
 b62cd043af5fa4dac25c3789b66849c5  10.0/RPMS/libsasl2-plug-crammd5-2.1.15-10.1.100mdk.i586.rpm
 e588f90d705706d284a6688dd4b9b136  10.0/RPMS/libsasl2-plug-digestmd5-2.1.15-10.1.100mdk.i586.rpm
 1f6c4d7f481b6ff91b8d614648e98be5  10.0/RPMS/libsasl2-plug-gssapi-2.1.15-10.1.100mdk.i586.rpm
 286f311f343c2f21df4c9fbfd6809d79  10.0/RPMS/libsasl2-plug-login-2.1.15-10.1.100mdk.i586.rpm
 eaea38b6454677074aff221769a06ee1  10.0/RPMS/libsasl2-plug-ntlm-2.1.15-10.1.100mdk.i586.rpm
 7e48e4c3631c7017a6eb492d09b2a10f  10.0/RPMS/libsasl2-plug-otp-2.1.15-10.1.100mdk.i586.rpm
 da6cc786bda3e4e297c753708fa25d45  10.0/RPMS/libsasl2-plug-plain-2.1.15-10.1.100mdk.i586.rpm
 555eab832bf1b6e6a230a896542475c1  10.0/RPMS/libsasl2-plug-sasldb-2.1.15-10.1.100mdk.i586.rpm
 0c2992258fcea6a83a1a421f2e8bcb57  10.0/RPMS/libsasl2-plug-srp-2.1.15-10.1.100mdk.i586.rpm
 efdc07d417c7ebba707bc7bd5b13f829  10.0/SRPMS/cyrus-sasl-2.1.15-10.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 74fff1da23dab6e2ea936663bde4754f  amd64/10.0/RPMS/cyrus-sasl-2.1.15-10.1.100mdk.amd64.rpm
 4ae7d79a0035264b4991844061155b22  amd64/10.0/RPMS/lib64sasl2-2.1.15-10.1.100mdk.amd64.rpm
 ec042bcd47406ce77ca6270baaa3e30d  amd64/10.0/RPMS/lib64sasl2-devel-2.1.15-10.1.100mdk.amd64.rpm
 90bf0467dd3a84ad4bda4191e7beeda6  amd64/10.0/RPMS/lib64sasl2-plug-anonymous-2.1.15-10.1.100mdk.amd64.rpm
 0b592508b84e2b59c6d92b67bc9acc7d  amd64/10.0/RPMS/lib64sasl2-plug-crammd5-2.1.15-10.1.100mdk.amd64.rpm
 6c165b6f5a153268c090bf48867e1c16  amd64/10.0/RPMS/lib64sasl2-plug-digestmd5-2.1.15-10.1.100mdk.amd64.rpm
 80cc5dc58b8096708f136b26707a9979  amd64/10.0/RPMS/lib64sasl2-plug-gssapi-2.1.15-10.1.100mdk.amd64.rpm
 e31d97544c17cf3627c96ba30bab4566  amd64/10.0/RPMS/lib64sasl2-plug-login-2.1.15-10.1.100mdk.amd64.rpm
 c2cf0e4bf0a16bfa0f12804a38d72086  amd64/10.0/RPMS/lib64sasl2-plug-ntlm-2.1.15-10.1.100mdk.amd64.rpm
 adc938ecf528ec25ce15a42eaa0b42cc  amd64/10.0/RPMS/lib64sasl2-plug-otp-2.1.15-10.1.100mdk.amd64.rpm
 c1ea1fbea28db51ab5dc79ccd515c3ac  amd64/10.0/RPMS/lib64sasl2-plug-plain-2.1.15-10.1.100mdk.amd64.rpm
 cafbef0aa82c2a38cfcac103931536fe  amd64/10.0/RPMS/lib64sasl2-plug-sasldb-2.1.15-10.1.100mdk.amd64.rpm
 21cc68617893b2d63b3b0afc466c09b9  amd64/10.0/RPMS/lib64sasl2-plug-srp-2.1.15-10.1.100mdk.amd64.rpm
 efdc07d417c7ebba707bc7bd5b13f829  amd64/10.0/SRPMS/cyrus-sasl-2.1.15-10.1.100mdk.src.rpm

 Corporate Server 2.1:
 66cb444f56bb4217df77428198527b7f  corporate/2.1/RPMS/cyrus-sasl-1.5.27-5.1.C21mdk.i586.rpm
 ad6d0411ebddc8f0c760297cfd20c282  corporate/2.1/RPMS/libsasl7-1.5.27-5.1.C21mdk.i586.rpm
 20a039725daa6aa3a8e4140922b1a123  corporate/2.1/RPMS/libsasl7-devel-1.5.27-5.1.C21mdk.i586.rpm
 9a16c82b1de4fbaccc370e26764620ec  corporate/2.1/RPMS/libsasl7-plug-anonymous-1.5.27-5.1.C21mdk.i586.rpm
 798328f930b8262188e745fcfbd7cb43  corporate/2.1/RPMS/libsasl7-plug-crammd5-1.5.27-5.1.C21mdk.i586.rpm
 227b3b14966c940870415ed8e1590dc8  corporate/2.1/RPMS/libsasl7-plug-digestmd5-1.5.27-5.1.C21mdk.i586.rpm
 c17b0582d7bfcc49feaf98a9650458fc  corporate/2.1/RPMS/libsasl7-plug-login-1.5.27-5.1.C21mdk.i586.rpm
 455d4ae2174dad7622337bf2531e012f  corporate/2.1/RPMS/libsasl7-plug-plain-1.5.27-5.1.C21mdk.i586.rpm
 a3ea8b441b6454eda5dbf4e9f7a0e126  corporate/2.1/SRPMS/cyrus-sasl-1.5.27-5.1.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 d00de6225fcc2afb91ea13017738de9a  x86_64/corporate/2.1/RPMS/cyrus-sasl-1.5.27-5.1.C21mdk.x86_64.rpm
 49bd78a963695b794cc5f0a7d8285447  x86_64/corporate/2.1/RPMS/libsasl7-1.5.27-5.1.C21mdk.x86_64.rpm
 44c9864023686e7f4f492a4ac2e0fe53  x86_64/corporate/2.1/RPMS/libsasl7-devel-1.5.27-5.1.C21mdk.x86_64.rpm
 7d90d8f1ce6e5874996c048676a73ecd  x86_64/corporate/2.1/RPMS/libsasl7-plug-anonymous-1.5.27-5.1.C21mdk.x86_64.rpm
 f8dc759136397b2444baa4f4233c07ae  x86_64/corporate/2.1/RPMS/libsasl7-plug-crammd5-1.5.27-5.1.C21mdk.x86_64.rpm
 9d91a8842db34d9e4486736007e459c4  x86_64/corporate/2.1/RPMS/libsasl7-plug-digestmd5-1.5.27-5.1.C21mdk.x86_64.rpm
 4e82d378ad868a4f24de02d31de580f6  x86_64/corporate/2.1/RPMS/libsasl7-plug-login-1.5.27-5.1.C21mdk.x86_64.rpm
 7cef5720f54436d7b1af6d6c817a3a72  x86_64/corporate/2.1/RPMS/libsasl7-plug-plain-1.5.27-5.1.C21mdk.x86_64.rpm
 a3ea8b441b6454eda5dbf4e9f7a0e126  x86_64/corporate/2.1/SRPMS/cyrus-sasl-1.5.27-5.1.C21mdk.src.rpm

 Mandrakelinux 9.2:
 61fd385bb6c9a096d9799df48d1ee82f  9.2/RPMS/cyrus-sasl-2.1.15-4.1.92mdk.i586.rpm
 3c3514ca12a7fdd2e570aa591f455e13  9.2/RPMS/libsasl2-2.1.15-4.1.92mdk.i586.rpm
 6ba003f5d656d14144dc8d49083db212  9.2/RPMS/libsasl2-devel-2.1.15-4.1.92mdk.i586.rpm
 f86b5496c34adc514066f37b05128cf9  9.2/RPMS/libsasl2-plug-anonymous-2.1.15-4.1.92mdk.i586.rpm
 7ac83050851d59918b27ebd32f060245  9.2/RPMS/libsasl2-plug-crammd5-2.1.15-4.1.92mdk.i586.rpm
 f74524d4fa09ce1c57b64b3fa8d78c28  9.2/RPMS/libsasl2-plug-digestmd5-2.1.15-4.1.92mdk.i586.rpm
 66bd5dce305693ff83fac906d8856371  9.2/RPMS/libsasl2-plug-gssapi-2.1.15-4.1.92mdk.i586.rpm
 32aa5d36b1f3305c68cf94f98031003f  9.2/RPMS/libsasl2-plug-login-2.1.15-4.1.92mdk.i586.rpm
 6c4014739c88a866c4fbee477c619724  9.2/RPMS/libsasl2-plug-ntlm-2.1.15-4.1.92mdk.i586.rpm
 fcf63deaecb78df0821c100ba2916514  9.2/RPMS/libsasl2-plug-otp-2.1.15-4.1.92mdk.i586.rpm
 27d0589f02db89408ae4598f5cf36051  9.2/RPMS/libsasl2-plug-plain-2.1.15-4.1.92mdk.i586.rpm
 6f3ba42ebce674dc797a042dd6377b64  9.2/RPMS/libsasl2-plug-sasldb-2.1.15-4.1.92mdk.i586.rpm
 bd6a6af7f73fa380ed7b7712acced412  9.2/RPMS/libsasl2-plug-srp-2.1.15-4.1.92mdk.i586.rpm
 cc2e67e7a7df460932c8c97bbf9d79b6  9.2/SRPMS/cyrus-sasl-2.1.15-4.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 e932be9d60a9990f28f0cc9514c33123  amd64/9.2/RPMS/cyrus-sasl-2.1.15-4.1.92mdk.amd64.rpm
 1dda4f42fee8f8480f8a6274c533f929  amd64/9.2/RPMS/lib64sasl2-2.1.15-4.1.92mdk.amd64.rpm
 e4cd66b10b8940507ed766e3bae72b38  amd64/9.2/RPMS/lib64sasl2-devel-2.1.15-4.1.92mdk.amd64.rpm
 8c4426cf876b988cf8883db132497ae8  amd64/9.2/RPMS/lib64sasl2-plug-anonymous-2.1.15-4.1.92mdk.amd64.rpm
 02f3fc6d31ebb7c000d7060c99e63884  amd64/9.2/RPMS/lib64sasl2-plug-crammd5-2.1.15-4.1.92mdk.amd64.rpm
 a7b4c37fb6ee6bc53e315dede91e2696  amd64/9.2/RPMS/lib64sasl2-plug-digestmd5-2.1.15-4.1.92mdk.amd64.rpm
 e3f1b44b40e8ad0511c814ef6d703835  amd64/9.2/RPMS/lib64sasl2-plug-gssapi-2.1.15-4.1.92mdk.amd64.rpm
 f2cd6a80bdb93a4b345ac60cc9975e72  amd64/9.2/RPMS/lib64sasl2-plug-login-2.1.15-4.1.92mdk.amd64.rpm
 54b04103e38be7f9ac7982044d72dd83  amd64/9.2/RPMS/lib64sasl2-plug-ntlm-2.1.15-4.1.92mdk.amd64.rpm
 87d5b714dae7284efb6024ed92b83aa8  amd64/9.2/RPMS/lib64sasl2-plug-otp-2.1.15-4.1.92mdk.amd64.rpm
 eb37724460418bbe7c3f24f915c97e1d  amd64/9.2/RPMS/lib64sasl2-plug-plain-2.1.15-4.1.92mdk.amd64.rpm
 82470db324565a79a16401512fd01281  amd64/9.2/RPMS/lib64sasl2-plug-sasldb-2.1.15-4.1.92mdk.amd64.rpm
 d2ea27f377fa52e5d651b354ebf20657  amd64/9.2/RPMS/lib64sasl2-plug-srp-2.1.15-4.1.92mdk.amd64.rpm
 cc2e67e7a7df460932c8c97bbf9d79b6  amd64/9.2/SRPMS/cyrus-sasl-2.1.15-4.1.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBZZ6smqjQ0CJFipgRAqklAKCy85zvubFuHcjCjE65k1kylu25hwCgtgSu
P5+Ffklyg+/6K51R1aH92aI=
=gbCH
-----END PGP SIGNATURE-----
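
The Problem Description above comes down to a library trusting SASL_PATH regardless of whose privileges it runs with. The following is an added illustration of that pattern beside a hardened lookup; it is not the Mandrakesoft patch or cyrus-sasl source. The function names and DEFAULT_PLUGIN_DIR are assumptions, and SASL_PATH is treated as a single directory for brevity.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed compiled-in default; the real value is distribution-specific. */
#define DEFAULT_PLUGIN_DIR "/usr/lib/sasl2"

/* Pattern described in the advisory: the environment decides where
 * plugins are loaded from, regardless of who the process runs as. */
const char *plugin_path_unchecked(const char *env_value)
{
    return env_value ? env_value : DEFAULT_PLUGIN_DIR;
}

/* A process is privilege-elevated when real and effective IDs differ
 * (setuid/setgid binary); its environment is then caller-controlled. */
int runs_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Accept a directory only if it is absolute, exists, and is not
 * writable by group or others. */
int dir_is_trustworthy(const char *dir)
{
    struct stat st;
    if (dir == NULL || dir[0] != '/') return 0;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode)) return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Hardened lookup: ignore the variable entirely when elevated, and fall
 * back to the default if the supplied directory fails the checks. */
const char *plugin_path_checked(const char *env_value, uid_t ruid, uid_t euid,
                                gid_t rgid, gid_t egid)
{
    if (env_value == NULL || runs_elevated(ruid, euid, rgid, egid))
        return DEFAULT_PLUGIN_DIR;
    return dir_is_trustworthy(env_value) ? env_value : DEFAULT_PLUGIN_DIR;
}

/* Entry point a library would use: reads the live environment and IDs. */
const char *plugin_path_from_env(void)
{
    return plugin_path_checked(getenv("SASL_PATH"), getuid(), geteuid(),
                               getgid(), getegid());
}
```

Passing the IDs as parameters keeps the decision testable without a setuid binary; only plugin_path_from_env touches the live process state.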