lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1NGGMP-0004x7-6e@titan.mandriva.com>
Date: Thu, 03 Dec 2009 19:25:01 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2009:113-1 ] cyrus-sasl


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2009:113-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cyrus-sasl
 Date    : December 3, 2009
 Affected: 2008.0
 _______________________________________________________________________

 Problem Description:

 Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23
 might allow remote attackers to execute arbitrary code or cause a
 denial of service application crash) via strings that are used as
 input to the sasl_encode64 function in lib/saslutil.c (CVE-2009-0688).
 
 The updated packages have been patched to prevent this.

 Update:

 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 0b5da906226132af2c2ed8270343f557  2008.0/i586/cyrus-sasl-2.1.22-23.1mdv2008.0.i586.rpm
 de005340f6be93e76feb3d5fe94e2d54  2008.0/i586/libsasl2-2.1.22-23.1mdv2008.0.i586.rpm
 3d919ce1d732f655ca6be7a89d434acd  2008.0/i586/libsasl2-devel-2.1.22-23.1mdv2008.0.i586.rpm
 540c3b13f892438d8795c17cc89d42bf  2008.0/i586/libsasl2-plug-anonymous-2.1.22-23.1mdv2008.0.i586.rpm
 d13e5e77f0949d58097eb2f734a10255  2008.0/i586/libsasl2-plug-crammd5-2.1.22-23.1mdv2008.0.i586.rpm
 5950850223017fdf5a4b47f0618b55de  2008.0/i586/libsasl2-plug-digestmd5-2.1.22-23.1mdv2008.0.i586.rpm
 5f1c9ad40cdf003c28ca1be8381d8029  2008.0/i586/libsasl2-plug-gssapi-2.1.22-23.1mdv2008.0.i586.rpm
 08bbfad70b61a514204344a125413e14  2008.0/i586/libsasl2-plug-ldapdb-2.1.22-23.1mdv2008.0.i586.rpm
 64386e5dd2a108387dc43379a5513e9c  2008.0/i586/libsasl2-plug-login-2.1.22-23.1mdv2008.0.i586.rpm
 6447f2431d59bc5b30345259f276f6b3  2008.0/i586/libsasl2-plug-ntlm-2.1.22-23.1mdv2008.0.i586.rpm
 93ae062a1aaab4e973859ef402a5a242  2008.0/i586/libsasl2-plug-otp-2.1.22-23.1mdv2008.0.i586.rpm
 91c60f6ec94f4dddc5868588a4b8f68b  2008.0/i586/libsasl2-plug-plain-2.1.22-23.1mdv2008.0.i586.rpm
 f5a00cdd4639421ca1ee15cc0be63eac  2008.0/i586/libsasl2-plug-sasldb-2.1.22-23.1mdv2008.0.i586.rpm
 3d497c02f84a1c3328fdb391643da44c  2008.0/i586/libsasl2-plug-sql-2.1.22-23.1mdv2008.0.i586.rpm 
 6c88dcfd5ab050abd18f4d2983c79300  2008.0/SRPMS/cyrus-sasl-2.1.22-23.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 80d99cc844c67a2a06759bc1e7cc88db  2008.0/x86_64/cyrus-sasl-2.1.22-23.1mdv2008.0.x86_64.rpm
 41b95422b894401eecc2a8681c9dc196  2008.0/x86_64/lib64sasl2-2.1.22-23.1mdv2008.0.x86_64.rpm
 50f33da97b5da9b4bc30ec5bc6d1d659  2008.0/x86_64/lib64sasl2-devel-2.1.22-23.1mdv2008.0.x86_64.rpm
 d4fb022df681b367b8679136f72b592e  2008.0/x86_64/lib64sasl2-plug-anonymous-2.1.22-23.1mdv2008.0.x86_64.rpm
 5d927f67880f4aa762fb367d77641721  2008.0/x86_64/lib64sasl2-plug-crammd5-2.1.22-23.1mdv2008.0.x86_64.rpm
 aed157358368d9ff50959a74fe9c25e4  2008.0/x86_64/lib64sasl2-plug-digestmd5-2.1.22-23.1mdv2008.0.x86_64.rpm
 84d23ab14f7382f7c7ea6b5967ef2f40  2008.0/x86_64/lib64sasl2-plug-gssapi-2.1.22-23.1mdv2008.0.x86_64.rpm
 9e4e676d2fbd739510acc32c0c43be95  2008.0/x86_64/lib64sasl2-plug-ldapdb-2.1.22-23.1mdv2008.0.x86_64.rpm
 4db9412d9b049a07c6cd4a79763d6753  2008.0/x86_64/lib64sasl2-plug-login-2.1.22-23.1mdv2008.0.x86_64.rpm
 ea10f518bb59213ef01857ea4dc0aa4d  2008.0/x86_64/lib64sasl2-plug-ntlm-2.1.22-23.1mdv2008.0.x86_64.rpm
 63d56373895ddc03a85d4dd3ca1f960a  2008.0/x86_64/lib64sasl2-plug-otp-2.1.22-23.1mdv2008.0.x86_64.rpm
 4b655bbd94e9693ea9f57811bd0efad3  2008.0/x86_64/lib64sasl2-plug-plain-2.1.22-23.1mdv2008.0.x86_64.rpm
 5050def960a29e2857cd132785a21143  2008.0/x86_64/lib64sasl2-plug-sasldb-2.1.22-23.1mdv2008.0.x86_64.rpm
 febdbe8c8c23b096a78ea20dc8ceca75  2008.0/x86_64/lib64sasl2-plug-sql-2.1.22-23.1mdv2008.0.x86_64.rpm 
 6c88dcfd5ab050abd18f4d2983c79300  2008.0/SRPMS/cyrus-sasl-2.1.22-23.1mdv2008.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLF9djmqjQ0CJFipgRApFRAKC/uig37ZdrVvHGHDTHuj98+3tYcwCeMQgy
+UCg830NyZjsOIM1X1eAOhE=
=2Rcl
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ