=========================================================== Ubuntu Security Notice USN-272-1 April 24, 2006 cyrus-sasl2 vulnerability CVE-2006-1721 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: libsasl2-modules-gssapi-heimdal The problem can be corrected by upgrading the affected package to version 2.1.19-1.3ubuntu0.1 (for Ubuntu 4.10), 2.1.19-1.5ubuntu1.1 (for Ubuntu 5.04), or 2.1.19-1.5ubuntu4.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. If you configured Postfix, OpenLDAP or possibly other server applications to use SASL with the DIGEST-MD5 plugin, you need to restart these services after the security upgrade. Details follow: A Denial of Service vulnerability has been discovered in the SASL authentication library when using the DIGEST-MD5 plugin. By sending a specially crafted realm name, a malicious SASL server could exploit this to crash the application that uses SASL. Updated packages for Ubuntu 4.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.3ubuntu0.1.diff.gz Size/MD5: 31295 28e26e81bea870375a9044475339913f http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.3ubuntu0.1.dsc Size/MD5: 1082 4131240372a9da4d2da02c9165d63bc8 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.orig.tar.gz Size/MD5: 1531667 670f9a0c0a99cf09d679cd5c859a3715 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.3ubuntu0.1_amd64.deb Size/MD5: 258820 86d5866babc1766104f4b66ab2fed360 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_amd64.deb Size/MD5: 54526 6b723bbd20889704ca2cbd95067f151d http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_amd64.deb Size/MD5: 54196 fd9c85128b607d7df0339033102363db http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_amd64.deb Size/MD5: 52524 1ef5d455faa9f522ace1c7b06aff8ca0 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.3ubuntu0.1_amd64.deb Size/MD5: 171254 0c0b5377e38c80bc53a36aa4bb9d38fe http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.3ubuntu0.1_amd64.deb Size/MD5: 264802 3a8f1cde60bc029316fc1a9948a1eeea http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.3ubuntu0.1_amd64.deb Size/MD5: 117620 82cdfbb8f1883a52682a2808fe4ec98e i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.3ubuntu0.1_i386.deb Size/MD5: 242882 26d8e5125fd2b51b67a8217bd1efa180 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_i386.deb Size/MD5: 52458 1e946756a860b576f046215d797e0c5b http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_i386.deb Size/MD5: 52298 8d3e15320e81595c47f620b84d683008 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_i386.deb Size/MD5: 50400 6f84abc1a297ec90540b69f017c92191 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.3ubuntu0.1_i386.deb Size/MD5: 152680 902f2fa39200df4c9ac4e8cfcab8d5a1 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.3ubuntu0.1_i386.deb Size/MD5: 258066 7033a447f8e1847b93312bfa9f9c02ec http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.3ubuntu0.1_i386.deb Size/MD5: 110840 64ed0e4b55f330ad24045809e72ccd06 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.3ubuntu0.1_powerpc.deb Size/MD5: 264940 70dd4d15d19b170f1c70d38d0bc10193 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_powerpc.deb Size/MD5: 56018 5b54526494ddf58a33e4bdf543bba780 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_powerpc.deb Size/MD5: 56380 56032db698c428dcbe75b4d757512b93 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_powerpc.deb Size/MD5: 55278 14739969a83cde545f3b0e66f8ce3101 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.3ubuntu0.1_powerpc.deb Size/MD5: 194980 c1e2415b877b8193fe354b1b94d967c6 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.3ubuntu0.1_powerpc.deb Size/MD5: 267870 9a90c5d48cad62a75d2407ad599fc154 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.3ubuntu0.1_powerpc.deb Size/MD5: 121432 f23c6ac86b2abd990251f3ea30a283bd Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5ubuntu1.1.diff.gz Size/MD5: 31862 3524326b12a7f4c2a54083112a441980 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5ubuntu1.1.dsc Size/MD5: 1123 6dc5725b50d570fdc3afaa31f6243fc2 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.orig.tar.gz Size/MD5: 1531667 670f9a0c0a99cf09d679cd5c859a3715 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu1.1_amd64.deb Size/MD5: 259210 287831264637aedc415a393847aaa066 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu1.1_amd64.deb Size/MD5: 54948 17e37f99a905e84cd76351fcbeac834c http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu1.1_amd64.deb Size/MD5: 54588 ab164006d7872d14c6778bd132ed1b23 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5ubuntu1.1_amd64.deb Size/MD5: 52918 742856dceb4a990996f168a115b5d2f7 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5ubuntu1.1_amd64.deb Size/MD5: 171660 e8ebfc525ada0011c5860a8ea820c6aa http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5ubuntu1.1_amd64.deb Size/MD5: 265256 9be5062981bdea93da18e3a24fbbb061 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5ubuntu1.1_amd64.deb Size/MD5: 118028 807e7c5b7e0837c5bf93e7a2963f18ef i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu1.1_i386.deb Size/MD5: 243314 a0a5e5f019fabd504c1168ce60f053ec http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu1.1_i386.deb Size/MD5: 52906 dfb616094ef57f7591ad8f966b4b4d03 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu1.1_i386.deb Size/MD5: 52722 03f25ef77dfd9c2cce364101ed0ed633 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5ubuntu1.1_i386.deb Size/MD5: 50824 9150dd1343df64ee2c57eb240ecfe498 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5ubuntu1.1_i386.deb Size/MD5: 153116 dee82b6c2ca3f763075ff3d5e824ee55 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5ubuntu1.1_i386.deb Size/MD5: 258560 df153bf88fae21444d00afe5c5c1fc90 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5ubuntu1.1_i386.deb Size/MD5: 110772 5566e338cc8f4ebb754b5dc5a25b7a00 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu1.1_powerpc.deb Size/MD5: 265354 ebe27122c4b062fa1f1ef906830c19c2 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu1.1_powerpc.deb Size/MD5: 56622 7274aa84b2169d61ae8a5f8f1fe167d0 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu1.1_powerpc.deb Size/MD5: 56820 e9b6941fba543aedad4233c093a7ef86 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5ubuntu1.1_powerpc.deb Size/MD5: 55704 80c45956bd1585e718eeefa64843d017 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5ubuntu1.1_powerpc.deb Size/MD5: 195596 696a075b2b9a10ee61721dfca74368b4 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5ubuntu1.1_powerpc.deb Size/MD5: 268496 1d4a058025aa4210dc4aea5642e126ef http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5ubuntu1.1_powerpc.deb Size/MD5: 122386 71f7a563360db5af4cff6a922e6cdc88 Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5ubuntu4.2.diff.gz Size/MD5: 32238 4379bdd1b85a544b1b8200f4bd75ef22 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5ubuntu4.2.dsc Size/MD5: 1118 3dd711ae4a6b42a25c3ba17c5f9a0184 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.orig.tar.gz Size/MD5: 1531667 670f9a0c0a99cf09d679cd5c859a3715 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu4.2_amd64.deb Size/MD5: 258702 06e792a8a438c8347e364516d2d481e1 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu4.2_amd64.deb Size/MD5: 55334 03cebb2b22658b6171a75ea73940b44e http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu4.2_amd64.deb Size/MD5: 54902 32f5cdff758267e7e67c2901b12b3262 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5ubuntu4.2_amd64.deb Size/MD5: 53392 8acf7ae921df96d2460503f4b100d1e9 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5ubuntu4.2_amd64.deb Size/MD5: 170336 c7067225cf809df464530d11700f4b1a http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5ubuntu4.2_amd64.deb Size/MD5: 265392 9519f2faec1133bf07bd4e6262b37674 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5ubuntu4.2_amd64.deb Size/MD5: 120368 c62cca6d7ddbab89ca1d6618a9a4301e i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu4.2_i386.deb Size/MD5: 238452 43b2451a409fa46438c1ed6001ad0518 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu4.2_i386.deb Size/MD5: 52186 1fd7114b1c355e934f0b3363bed46293 http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu4.2_i386.deb Size/MD5: 52068 58fab05b8c2d7c3e79a6101916aeff76 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5ubuntu4.2_i386.deb Size/MD5: 50668 4227edf80ec5b33196b605221d2637bf http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5ubuntu4.2_i386.deb Size/MD5: 148696 ef3c461dd0ef63c66d0c2445f98db5c2 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5ubuntu4.2_i386.deb Size/MD5: 257950 b471034597675dbfb182134de1bcffae http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5ubuntu4.2_i386.deb Size/MD5: 110322 77f37efe9cf5edabced6ffb2a2c4937d powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu4.2_powerpc.deb Size/MD5: 263098 d1e24e56a8e8ea8f45fb20125afb513a http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu4.2_powerpc.deb Size/MD5: 57070 62459acdd743c3ad9f157f6fb924b1ec http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu4.2_powerpc.deb Size/MD5: 57118 4a38b908ca8756b72007e2f6d3bd7da1 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5ubuntu4.2_powerpc.deb Size/MD5: 56332 5e512eade662a77ced5a75b91260990c http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5ubuntu4.2_powerpc.deb Size/MD5: 195132 dbcc356c7ac44eb2baf60f272887b365 http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5ubuntu4.2_powerpc.deb Size/MD5: 269998 6fdecbfe27152db023c579a046fdf0cf http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5ubuntu4.2_powerpc.deb Size/MD5: 126618 6ae431cb9da835c0c443f802398d8a15
Attachment:
signature.asc
Description: Digital signature