[ MDKSA-2006:073 ] - Updated cyrus-sasl packages address vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:073
http://www.mandriva.com/security/
_______________________________________________________________________
Package : cyrus-sasl
Date : April 24, 2006
Affected: 10.2, Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A vulnerability in the CMU Cyrus Simple Authentication and Security
Layer (SASL) library before 2.1.21 has an unknown impact and remote
unauthenticated attack vectors related to DIGEST-MD5 negotiation. In
practice, Marcus Meissner found that it is possible to crash the
cyrus-imapd daemon with a carefully crafted communication that leaves
out "realm=..." in the reply or the initial server response.
Updated packages have been patched to address this issue.
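Added illustration, not taken from the cyrus-sasl source or the Mandriva patch: a DIGEST-MD5 directive parser that handles a message with no "realm" directive by using the empty string, which is what RFC 2831 specifies for computing A1. It assumes the failure class is an optional directive being used without checking that it was present; the function names and the sample message are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added illustration with hypothetical helper names; not cyrus-sasl code. */
/* Copy directive `name` from a DIGEST-MD5 list (key=value,key="quoted",...).
 * Returns 1 if present, 0 if absent (out is ""), -1 if malformed/too long. */
int get_directive(const char *msg, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    const char *p = msg;
    if (outlen == 0) return -1;
    out[0] = '\0';
    while (*p) {
        while (*p == ',' || isspace((unsigned char)*p)) p++;
        const char *key = p;
        while (*p && *p != '=' && *p != ',') p++;
        if (*p != '=') continue;              /* bare token or end of input */
        int match = (size_t)(p - key) == nlen && strncmp(key, name, nlen) == 0;
        int quoted = (*++p == '"');
        if (quoted) p++;
        size_t n = 0;
        while (*p && (quoted ? *p != '"' : *p != ',')) {
            if (quoted && *p == '\\' && p[1]) p++;    /* quoted-pair */
            if (match) {
                if (n + 1 >= outlen) return -1;
                out[n++] = *p;
            }
            p++;
        }
        if (quoted && *p++ != '"') return -1;         /* unterminated quote */
        if (match) { out[n] = '\0'; return 1; }
    }
    return 0;
}

/* Realm to use when computing A1: the client's value, or "" when the
 * directive is absent (RFC 2831). Returns -1 to reject a malformed message. */
int response_realm(const char *msg, char *buf, size_t buflen)
{
    return get_directive(msg, "realm", buf, buflen) < 0 ? -1 : 0;
}

int main(void)
{
    char realm[64];   /* message below is constructed, not captured traffic */
    int rc = response_realm("username=\"alice\",nonce=\"abc\"", realm, sizeof realm);
    printf("rc=%d realm=[%s] len=%zu\n", rc, realm, strlen(realm));
    return 0;
}
```

A caller that receives -1 should fail the authentication exchange instead of continuing with a partially filled buffer.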
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically, use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
  http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
                               <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFETQHOmqjQ0CJFipgRAnR0AKC/ZJxAqd0AfU2VjyI785X9E/bN4gCg2VEQ
xEt8+xfAUd8no5mCIAm2h/k=
=UqJL
-----END PGP SIGNATURE-----