ELSA-2007-0795

ELSA-2007-0795 - Moderate: cyrus-sasl security and bug fix update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2007-09-04

Description

[2.1.19-14]
- Related: bz250732 Fixed a conflict with an earlier test patch

[2.1.19-13]
- Related: bz250732 Fixed uninitialized stack variable causing segfault

[2.1.19-12]
- Resolves: bz250732 sasl-sample-server crashes with null realm

[2.1.19-11]
- Resolves: bz243910 krb5-libs are not thread-safe
- Resolves: bz244075 Memory leaks in digest-md5 plugin
- Added missing build dependency for groff to spec file

[2.1.19-10]
- reapply fixes for #157012, #190113

[2.1.19-9]
- temporarily back out the fixes for #157012, #190113

[2.1.19-8]
- add unapplied patches which make the DIGEST-MD5 plugins omit the realm
argument when the environment has
set to a
non-zero value, for testing purposes
- add missing build dependency on zlib-devel (#190113)

[2.1.19-7]
- make v1 of the sasl library use /dev/urandom instead of /dev/random, as
we do in v2 of the library at compile-time (#157012)

[2.1.19-6]
- backport fix for segfault in the digest-md5 module in cases when the
client didn't supply a realm (#189814, CVE-2006-1721)

Related CVEs

CVE-2006-1721

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 4 (i386)	cyrus-sasl-2.1.19-14.src.rpm	a72012f60c776a9e8b8ae81a3f6b5c37	-
	cyrus-sasl-2.1.19-14.i386.rpm	17e0546c643441c098e0e30940f369f8	-
	cyrus-sasl-devel-2.1.19-14.i386.rpm	9e942f7baa9796058ffa5234cff41864	-
	cyrus-sasl-gssapi-2.1.19-14.i386.rpm	7d2beda174244aabebdb50c664883cbe	-
	cyrus-sasl-md5-2.1.19-14.i386.rpm	728c4bdc6ed1f4118e597ce45bad84cc	-
	cyrus-sasl-ntlm-2.1.19-14.i386.rpm	14f07cab2d96624f98191857b9879330	-
	cyrus-sasl-plain-2.1.19-14.i386.rpm	d516729e07ef043a59d38739ebaa9a39	-
	cyrus-sasl-sql-2.1.19-14.i386.rpm	d3f8e12ad29efc8fe3e9fba177cb0f9a	-
Oracle Linux 4 (ia64)	cyrus-sasl-2.1.19-14.src.rpm	d409c3efbcc0a54f814074f065c38c49	-
	cyrus-sasl-2.1.19-14.i386.rpm	17e0546c643441c098e0e30940f369f8	-
	cyrus-sasl-2.1.19-14.ia64.rpm	b6def9c4446a940a4a57760e0cf91191	-
	cyrus-sasl-devel-2.1.19-14.ia64.rpm	1f7aa2ffae23c0672798c5657ca5c8d6	-
	cyrus-sasl-gssapi-2.1.19-14.i386.rpm	7d2beda174244aabebdb50c664883cbe	-
	cyrus-sasl-gssapi-2.1.19-14.ia64.rpm	54be03de19a64c94ef656406075b614e	-
	cyrus-sasl-md5-2.1.19-14.i386.rpm	728c4bdc6ed1f4118e597ce45bad84cc	-
	cyrus-sasl-md5-2.1.19-14.ia64.rpm	0b074ccfff8df7c19401912901ba3f43	-
	cyrus-sasl-ntlm-2.1.19-14.i386.rpm	14f07cab2d96624f98191857b9879330	-
	cyrus-sasl-ntlm-2.1.19-14.ia64.rpm	e2ebc8772f5b5ad82e53b90ca553622d	-
	cyrus-sasl-plain-2.1.19-14.i386.rpm	d516729e07ef043a59d38739ebaa9a39	-
	cyrus-sasl-plain-2.1.19-14.ia64.rpm	9ea56166f3457c492214fffe4ea4d117	-
	cyrus-sasl-sql-2.1.19-14.i386.rpm	d3f8e12ad29efc8fe3e9fba177cb0f9a	-
	cyrus-sasl-sql-2.1.19-14.ia64.rpm	74a8644d11fb5701357f91531772d4e2	-
Oracle Linux 4 (x86_64)	cyrus-sasl-2.1.19-14.src.rpm	a72012f60c776a9e8b8ae81a3f6b5c37	-
	cyrus-sasl-2.1.19-14.i386.rpm	17e0546c643441c098e0e30940f369f8	-
	cyrus-sasl-2.1.19-14.x86_64.rpm	a9288bca9e3e79f3cda960f168baf662	-
	cyrus-sasl-devel-2.1.19-14.x86_64.rpm	b98e24521e3aa8c196a0b89238438065	-
	cyrus-sasl-gssapi-2.1.19-14.i386.rpm	7d2beda174244aabebdb50c664883cbe	-
	cyrus-sasl-gssapi-2.1.19-14.x86_64.rpm	9197c59f20e456299db78956a30f2ed1	-
	cyrus-sasl-md5-2.1.19-14.i386.rpm	728c4bdc6ed1f4118e597ce45bad84cc	-
	cyrus-sasl-md5-2.1.19-14.x86_64.rpm	d40ec9e83f40b9b19c094605751fde69	-
	cyrus-sasl-ntlm-2.1.19-14.i386.rpm	14f07cab2d96624f98191857b9879330	-
	cyrus-sasl-ntlm-2.1.19-14.x86_64.rpm	16d9f4849b3547e8029fed2946ef60c6	-
	cyrus-sasl-plain-2.1.19-14.i386.rpm	d516729e07ef043a59d38739ebaa9a39	-
	cyrus-sasl-plain-2.1.19-14.x86_64.rpm	54c5d4ecfa88b68281b060097f1e7e87	-
	cyrus-sasl-sql-2.1.19-14.i386.rpm	d3f8e12ad29efc8fe3e9fba177cb0f9a	-
	cyrus-sasl-sql-2.1.19-14.x86_64.rpm	42ab21c59a3b70ccc920c7e1ee4cbda9	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team