Message-ID: <E1FY8lk-0000VG-Q2@mercury.mandriva.com>
Date: Mon, 24 Apr 2006 15:38:56 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2006:073 ] - Updated cyrus-sasl packages addresses vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:073
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : cyrus-sasl
 Date    : April 24, 2006
 Affected: 10.2, Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in the CMU Cyrus Simple Authentication and Security
 Layer (SASL) library before 2.1.21 has an unknown impact and remote
 unauthenticated attack vectors, related to DIGEST-MD5 negotiation. In
 practice, Marcus Meissner found that it is possible to crash the
 cyrus-imapd daemon with a carefully crafted communication that leaves
 out "realm=..." in the reply or the initial server response.
 
 Updated packages have been patched to address this issue.
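
 The failure mode described above, a peer leaving out "realm=...", handled defensively in an added example that is not part of the advisory and is not Cyrus SASL's code. The hypothetical helpers digest_get and digest_realm report an absent directive as a normal result and fall back to the empty realm that RFC 2831 specifies for a missing directive; the sample messages are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Copy directive `key` from a DIGEST-MD5 list (key=value or key="value",
 * comma separated). Returns 1 found, 0 absent, -1 malformed or too long. */
static int digest_get(const char *msg, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    const char *p = msg;
    if (outlen == 0) return -1;
    for (;;) {
        while (*p == ',' || isspace((unsigned char)*p)) p++;
        if (*p == '\0') return 0;              /* end of list: directive absent */
        const char *name = p;
        while (*p && *p != '=' && *p != ',') p++;
        if (*p != '=') return -1;              /* token without a value */
        int match = (size_t)(p - name) == klen && strncmp(name, key, klen) == 0;
        int quoted = (*++p == '"');
        if (quoted) p++;
        size_t n = 0;
        while (*p && (quoted ? *p != '"' : *p != ',')) {
            if (quoted && *p == '\\' && p[1]) p++;   /* quoted-pair escape */
            if (match) { if (n + 1 >= outlen) return -1; out[n++] = *p; }
            p++;
        }
        if (quoted && *p++ != '"') return -1;  /* unterminated quoted string */
        if (match) { out[n] = '\0'; return 1; }
    }
}

/* Realm used for A1: RFC 2831 treats a missing realm directive as the
 * empty string, so absence is a normal case and never a NULL pointer. */
static int digest_realm(const char *response, char *realm, size_t len)
{
    int rc = digest_get(response, "realm", realm, len);
    if (rc == 0) realm[0] = '\0';              /* absent: documented default */
    return rc;
}

int main(void)
{
    /* Constructed sample digest-responses, not captured traffic. */
    const char *with = "username=\"chris\",realm=\"example.org\",nonce=\"abc123\"";
    const char *without = "username=\"chris\",nonce=\"abc123\",nc=00000001";
    char realm[64];
    printf("%d [%s]\n", digest_realm(with, realm, sizeof realm), realm);
    printf("%d [%s]\n", digest_realm(without, realm, sizeof realm), realm);
    return 0;
}
```

 The caller distinguishes three outcomes: 1 (realm present), 0 (absent, empty default applied) and -1 (malformed or oversized input, which should end the exchange with an authentication failure).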
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.2:

 Mandriva Linux 10.2/X86_64:

 Corporate 3.0:

 Corporate 3.0/X86_64:

 Multi Network Firewall 2.0:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFETQHOmqjQ0CJFipgRAnR0AKC/ZJxAqd0AfU2VjyI785X9E/bN4gCg2VEQ
xEt8+xfAUd8no5mCIAm2h/k=
=UqJL
-----END PGP SIGNATURE-----


