OVMSA-2022-0010

OVMSA-2022-0010 - cyrus-sasl security update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2022-03-21

Description


[2.1.23-15.0.1.2]
- Escape password for SQL insert/update commands [CVE-2022-24407][Orabug: 33936121]

[2.1.23-15.2]
- Support AIX SASL GSSAPI (#1174315)

[2.1.23-15.1]
- check a context value in sasl_gss_encode() (#1087221)

[2.1.23-15]
- don't use ' for saslauth user's description (#1081445)
- backport the ad_compat option (#994242)
- fixed a memory leak in the client side DIGEST-MD5 code (#838628)

[2.1.23-14]
- release the GSSAPI server credential handle immediately after the
GSSAPI security context is established (#825863)

[2.1.23-13]
- saslauth now uses nonfixed uid anymore (#730242)

[2.1.23-12]
- saslauth now uses fixed uid and gid (#730242)

[2.1.23-11]
- resolve strict aliasing warnings (#730246)
- repair ntlm support (#720451)

[2.1.23-10]
- recompile libraries with partial relro (#727274)

[2.1.23-8]
- Update init script to impeach pid file (#576209)

[2.1.23-7]
- solve race condition (#577770)

[2.1.23-6]
- update pre, post, preun, postun (#572255)

[2.1.23-5]
- Rewrite spec file, make correct CFLAGS, CPPFLAGS and LDFLAGS,
update postun (#572255)

[2.1.23-4.3]
- Add man page to testtcpauthd (#562126)

[2.1.23-4.2]
- Repair the provide field in spec (#558900)

[2.1.23-4.1]
- Rebuilt for RHEL 6

[2.1.23-4]
- Repair initscript to make condrestart working properly (#522103)

[2.1.23-3]
- Add possibility to run the saslauth without root privileges (#185614)

[2.1.23-2]
- rebuilt with new openssl

[2.1.23-1]
- update to 2.1.23

[2.1.22-25]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

[2.1.22-24]
- repair sasl_encode64 nul termination (#487251)

[2.1.22-23]
- Don't build the krb4 plugin as krb5 1.7 will drop it (#225974 #c6)

[2.1.22-22]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

[2.1.22-21]
- fix build with gcc-4.4

[2.1.22-20]
- set LDAP_OPT_TIMEOUT (#326452)
- provide LSB compatible init script (#246900)

[2.1.22-19]
- always use the current external db4 when linking,
thanks to Dan Horak for the original patch (#464098)

[2.1.22-18]
- fix most critical build warnings (#433583)
- use external db4

[2.1.22-17]
- always link against the internal db4 (#459163)
- rediff patches for no fuzz

[2.1.22-16]
- update internal db4 (#449737)

[2.1.22-15]
- drop reload from initscript help (#448154)
- fix hang in rimap auth method (#438533)
- build the krb4 plugin (#154675)

[2.1.22-14]
- make it so that bootstrap actually works

[2.1.22-13.1]
- minor release bump for sparc rebuild

[2.1.22-13]
- Autorebuild for GCC 4.3

[2.1.22-12]
- rebuild for gcc4.3

[2.1.22-11]
- Cleanup after merge review bz #225673
- no longer mark /etc/rc.d/init.d/saslauthd as config file
- removed -x permissions on include files
- added devel package dependency on cyrus-sasl
- removed some remaining .la files that were being delivered

[2.1.22-10]
- Rebuild for deps

[2.1.22-9]
- Fixed a typo in the spec file

[2.1.22-8]
- Removed srp plugin source and added dist to NVR

[2.1.22-7]
- use db4 version 4.6.19 bz#249737

[2.1.22-6]
- install config files and init scripts using -p
- pull in patch to build with current automake (#229010, Jacek Konieczny
and Robert Scheck)
- remove prereq on ldconfig, RPM should pick it up based on the -libs
scriptlets
- pull in patch to correctly detect gsskrb5_register_acceptor_identity
(#200892, Mirko Streckenbach)
- move sasldb auxprop modules into the -lib subpackage, so that we'll pick
it up for multilib systems

* Thu Feb 22 2007 Nalin Dahyabhai
- pull CVS fix for not tripping over extra commas in digest-md5
challenges (#229640)

* Fri Feb 16 2007 Nalin Dahyabhai
- remove static build, which is no longer a useful option because not all of
our dependencies are available as static libraries
- drop patches which were needed to keep static builds going
- drop gssapi-generic patch due to lack of interest
- update the bundled copy of db to 4.5.20 (#229012)
- drop dbconverter-2, as we haven't bundled v1 libraries since FC4

[2.1.22-5]
- rebuild
- add 'authentication' or 'auxprop' to summaries for plugin packages to
better indicate what the plugin provides
- switch from automake 1.9 to automake 1.7

[2.1.22-4]
- rebuild without 'dlcompat' bits (#206119)

[2.1.22-3]
- rebuild

[2.1.22-2]
- fix a typo in sasl_client_start(3) (#196066)

[2.1.22-1]
- update to 2.1.22, adding pluginviewer to %{_sbindir}

[2.1.21-12]
- add conditionalized build dependency on openldap-devel (#191855)
- patch md5global.h to be the same on all architectures

[2.1.21-11]
- add unapplied patch which makes the DIGEST-MD5 plugin omit the realm
argument when the environment has set to a
non-zero value, for testing purposes
- add missing buildrequires on zlib-devel (#190113)

[2.1.21-10]
- add missing buildrequires on gdbm-devel (Karsten Hopp)

[2.1.21-9.2]
- bump again for double-long bug on ppc(64)

[2.1.21-9.1]
- rebuilt for new gcc4.1 snapshot and glibc changes

[2.1.21-9]
- use --as-needed to avoid linking dbconverter-2 with SQL libraries, which
it doesn't use because it manipulates files directly (#173321)

* Fri Dec 09 2005 Jesse Keating
- rebuilt

[2.1.21-8]
- rebuild with new OpenLDAP, overriding the version checks to assume that
2.3.11 is acceptable
- remove a lingering patch for 1.x which we no longer use

[2.1.21-7]
- Rebuild due to mysql update.

[2.1.21-6]
- rebuilt with new openssl

[2.1.21-5]
- add missing buildrequires: on groff (#163032)

[2.1.21-4]
- move the ldapdb auxprop support into a subpackage (#167300)
(note: the ldap password check support in saslauthd doesn't use auxprop)

[2.1.21-3]
- correct a use of uninitialized memory in the bundled libdb (Arjan van de Ven)

[2.1.21-2]
- move the ANONYMOUS mech plugin to the -lib subpackage so that multilib
systems can use it without installing the main package
- build the static libraries without sql auxprop support

[2.1.21-1]
- update to 2.1.21
- turn off compilation of libsasl v1 (finally)
- explicitly disable sqlite to avoid the build warning
- change the default mechanism which is set for saslauthd from 'shadow' to
'pam' (#159194)
- split the shared library up from saslauthd so that multilib systems don't
have to pull in every dependency of saslauthd for the compat arch (#166749)

[2.1.20-5]
- rebuild with new deps

[2.1.20-4]
- rebuild with new deps

[2.1.20-3]
- rebuild against db-4.3.21.

[2.1.20-2]
- build with mysql-devel instead of mysqlclient10

[2.1.20-1]
- build with mysqlclient10 instead of mysql-devel


Related CVEs


CVE-2022-24407

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| --- | --- | --- | --- |
| Oracle VM 3 (x86_64) | cyrus-sasl-2.1.23-15.0.1.el6_6.2.src.rpm | d1bd4c797f5a0810940090519dec2820 | - |
| | cyrus-sasl-2.1.23-15.0.1.el6_6.2.x86_64.rpm | 97d6ad27e510a3853c6f39458dab2c60 | - |
| | cyrus-sasl-lib-2.1.23-15.0.1.el6_6.2.x86_64.rpm | 88ee0417e99df7c7c290f1dad345d7e4 | - |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team