lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1DBLJc-0001CU-2P@updates.mandrakesoft.com>
Date: Tue, 15 Mar 2005 16:19:08 -0700
From: Mandrakelinux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:054 - Updated cyrus-sasl packages fix vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           cyrus-sasl
 Advisory ID:            MDKSA-2005:054
 Date:                   March 15th, 2005

 Affected versions:	 10.0, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 A buffer overflow was discovered in cyrus-sasl's digestmd5 code.  This
 could lead to a remote attacker executing code in the context of the
 service using SASL authentication.  This vulnerability was fixed
 upstream in version 2.1.19.
 
 The updated packages are patched to deal with this issue.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0373
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 c965657c81701b081fee1a96da4d01a4  10.0/RPMS/cyrus-sasl-2.1.15-10.2.100mdk.i586.rpm
 c2933e9b68c42a5496b12812d9899a6c  10.0/RPMS/libsasl2-2.1.15-10.2.100mdk.i586.rpm
 a127e8480ad3decc7235cf3a1115abc2  10.0/RPMS/libsasl2-devel-2.1.15-10.2.100mdk.i586.rpm
 13846d2883187f58d0d2f8b6b0f38e1d  10.0/RPMS/libsasl2-plug-anonymous-2.1.15-10.2.100mdk.i586.rpm
 6de10ba00aade07c66e97c1a4d092a12  10.0/RPMS/libsasl2-plug-crammd5-2.1.15-10.2.100mdk.i586.rpm
 bf48f500c3e1620107ae0da33c1bf80d  10.0/RPMS/libsasl2-plug-digestmd5-2.1.15-10.2.100mdk.i586.rpm
 397316f4f40bd527023a1b16f84cef79  10.0/RPMS/libsasl2-plug-gssapi-2.1.15-10.2.100mdk.i586.rpm
 c319d819b12fa73b0542775eedc3e88e  10.0/RPMS/libsasl2-plug-login-2.1.15-10.2.100mdk.i586.rpm
 d952125ee7b241fc4d25278f542208f6  10.0/RPMS/libsasl2-plug-ntlm-2.1.15-10.2.100mdk.i586.rpm
 7637c809edf6b7f7d4b2e489a52209e8  10.0/RPMS/libsasl2-plug-otp-2.1.15-10.2.100mdk.i586.rpm
 b3a33d07209d28b2059adba1efddcc26  10.0/RPMS/libsasl2-plug-plain-2.1.15-10.2.100mdk.i586.rpm
 82f3297fcbe19a766fcdbb445787d400  10.0/RPMS/libsasl2-plug-sasldb-2.1.15-10.2.100mdk.i586.rpm
 10436f6c81cf89d6f9cdc8a6b96f35e8  10.0/RPMS/libsasl2-plug-srp-2.1.15-10.2.100mdk.i586.rpm
 0ea10d6b7a558b5261643628afe6cb51  10.0/SRPMS/cyrus-sasl-2.1.15-10.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 8e9dbf93cb8c802885b66e3239eea41a  amd64/10.0/RPMS/cyrus-sasl-2.1.15-10.2.100mdk.amd64.rpm
 16f2942eb0b01de2c537074276d187d4  amd64/10.0/RPMS/lib64sasl2-2.1.15-10.2.100mdk.amd64.rpm
 d9e2132fcea107e1cb000ff839ba41d7  amd64/10.0/RPMS/lib64sasl2-devel-2.1.15-10.2.100mdk.amd64.rpm
 4c98fc6d9e0c5d47fe5579fda042513b  amd64/10.0/RPMS/lib64sasl2-plug-anonymous-2.1.15-10.2.100mdk.amd64.rpm
 f0ff3fa8911def573fbce23d8a0087b9  amd64/10.0/RPMS/lib64sasl2-plug-crammd5-2.1.15-10.2.100mdk.amd64.rpm
 5551007c97bde6ed70669afe2edf6e51  amd64/10.0/RPMS/lib64sasl2-plug-digestmd5-2.1.15-10.2.100mdk.amd64.rpm
 76dc167feea4115465df02f994a8c13d  amd64/10.0/RPMS/lib64sasl2-plug-gssapi-2.1.15-10.2.100mdk.amd64.rpm
 8cca7287a249c57a7df00dcb5f69fe2e  amd64/10.0/RPMS/lib64sasl2-plug-login-2.1.15-10.2.100mdk.amd64.rpm
 fcc7a47163ec36c74de45c6cef3a8a95  amd64/10.0/RPMS/lib64sasl2-plug-ntlm-2.1.15-10.2.100mdk.amd64.rpm
 47a65ffc42afb7bc8ad169e2040037c1  amd64/10.0/RPMS/lib64sasl2-plug-otp-2.1.15-10.2.100mdk.amd64.rpm
 86ce6aa9fee0a58e91473fd857780f7d  amd64/10.0/RPMS/lib64sasl2-plug-plain-2.1.15-10.2.100mdk.amd64.rpm
 097aba79c22d4cf3651715aa81599347  amd64/10.0/RPMS/lib64sasl2-plug-sasldb-2.1.15-10.2.100mdk.amd64.rpm
 817b5efbe462906f98417c961fb9ddb4  amd64/10.0/RPMS/lib64sasl2-plug-srp-2.1.15-10.2.100mdk.amd64.rpm
 0ea10d6b7a558b5261643628afe6cb51  amd64/10.0/SRPMS/cyrus-sasl-2.1.15-10.2.100mdk.src.rpm

 Corporate 3.0:
 9430016037f143ccd95783a2ae838b60  corporate/3.0/RPMS/cyrus-sasl-2.1.15-10.2.C30mdk.i586.rpm
 f7ba0882813eff2368f961d512cebc05  corporate/3.0/RPMS/libsasl2-2.1.15-10.2.C30mdk.i586.rpm
 4962b88c78bd0d587e10d07bf0dce5a8  corporate/3.0/RPMS/libsasl2-devel-2.1.15-10.2.C30mdk.i586.rpm
 e4c3b30a807fa116657c63cd6c2384a5  corporate/3.0/RPMS/libsasl2-plug-anonymous-2.1.15-10.2.C30mdk.i586.rpm
 b556f8bb89893f2e442002e040aeb2c6  corporate/3.0/RPMS/libsasl2-plug-crammd5-2.1.15-10.2.C30mdk.i586.rpm
 c3eda3cc2b77098f192fbd43b5087a3f  corporate/3.0/RPMS/libsasl2-plug-digestmd5-2.1.15-10.2.C30mdk.i586.rpm
 90b468d8bf576532529a37eaf630a150  corporate/3.0/RPMS/libsasl2-plug-gssapi-2.1.15-10.2.C30mdk.i586.rpm
 7bc65bb2eaed577f2faf01b82f0b20e0  corporate/3.0/RPMS/libsasl2-plug-login-2.1.15-10.2.C30mdk.i586.rpm
 0250d76b422f047afc3e9613d067cf8b  corporate/3.0/RPMS/libsasl2-plug-ntlm-2.1.15-10.2.C30mdk.i586.rpm
 cc6a94f26ea6b5351ecd4c389b6abf47  corporate/3.0/RPMS/libsasl2-plug-otp-2.1.15-10.2.C30mdk.i586.rpm
 9f81be183209e69059287098c90dd28b  corporate/3.0/RPMS/libsasl2-plug-plain-2.1.15-10.2.C30mdk.i586.rpm
 51b7cde7664b0f9bc6b7cc71cbddbf9c  corporate/3.0/RPMS/libsasl2-plug-sasldb-2.1.15-10.2.C30mdk.i586.rpm
 9a799ea09b1b4469bb95d543a661d3ec  corporate/3.0/RPMS/libsasl2-plug-srp-2.1.15-10.2.C30mdk.i586.rpm
 f34c98de51085359bdaaaea619e7c735  corporate/3.0/SRPMS/cyrus-sasl-2.1.15-10.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 25582eb4340f4b85d82e3d9c0fcc03f7  x86_64/corporate/3.0/RPMS/cyrus-sasl-2.1.15-10.2.C30mdk.x86_64.rpm
 d7e42e6022d8f490f9b4d0df80334c05  x86_64/corporate/3.0/RPMS/lib64sasl2-2.1.15-10.2.C30mdk.x86_64.rpm
 a7e1ee54704b52a23eb52a5426e669aa  x86_64/corporate/3.0/RPMS/lib64sasl2-devel-2.1.15-10.2.C30mdk.x86_64.rpm
 d5479403c2e037a61ea2f98ec115f705  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-anonymous-2.1.15-10.2.C30mdk.x86_64.rpm
 807df45e6f0940aca1afb8a4f1799649  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-crammd5-2.1.15-10.2.C30mdk.x86_64.rpm
 0f8a19b4a3d018d1284361c9d01bc22d  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-digestmd5-2.1.15-10.2.C30mdk.x86_64.rpm
 96998110c98470af995f3e5bd95c8e1d  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-gssapi-2.1.15-10.2.C30mdk.x86_64.rpm
 880706198b6af174b944e8d133fcdaad  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-login-2.1.15-10.2.C30mdk.x86_64.rpm
 00758faa06b98f406d41638e403e3adc  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-ntlm-2.1.15-10.2.C30mdk.x86_64.rpm
 9cbed477e4af016a6226395a8a74806f  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-otp-2.1.15-10.2.C30mdk.x86_64.rpm
 9758e8c5fa232f42c5137634bf5111c8  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-plain-2.1.15-10.2.C30mdk.x86_64.rpm
 6b39c3d16308992604499b6927d7831f  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-sasldb-2.1.15-10.2.C30mdk.x86_64.rpm
 e275c19f5d19a4e06ec8982299fef72e  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-srp-2.1.15-10.2.C30mdk.x86_64.rpm
 f34c98de51085359bdaaaea619e7c735  x86_64/corporate/3.0/SRPMS/cyrus-sasl-2.1.15-10.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCN21smqjQ0CJFipgRAp4HAKDv8A/VP0ELYPhjOvIVYz7JvKDPhwCfQrfk
/0SZI6W0Fh2orgdFpUsN0A0=
=5CnM
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ