RHSA-2007:0878-01 Moderate: cyrus-sasl security update
Posted on: 09/04/2007 09:25 PM

A new update is available for Red Hat Enterprise Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: cyrus-sasl security update
Advisory ID: RHSA-2007:0878-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0878.html
Issue date: 2007-09-04
Updated on: 2007-09-04
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-1721
- ---------------------------------------------------------------------

1. Summary:

Updated cyrus-sasl packages that correct a security issue are now available
for Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The cyrus-sasl package contains the Cyrus implementation of SASL.
SASL is the Simple Authentication and Security Layer, a method for
adding authentication support to connection-based protocols.

A bug was found in cyrus-sasl's DIGEST-MD5 authentication mechanism. As
part of the DIGEST-MD5 authentication exchange, the client is expected to
send a specific set of information to the server. If one of these items
(the "realm") was not sent or was malformed, it was possible for a remote
unauthenticated attacker to cause a denial of service (segmentation fault)
on the server. (CVE-2006-1721)
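
The failure mode described above, a server that assumes the "realm" item is always present and well formed, is avoided by parsing the response so that every outcome leaves the caller with a valid string. The following C sketch is an added example, not the cyrus-sasl source or the backported patch; the function names, return codes and sample response are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
enum { DIR_OK = 0, DIR_MISSING = -1, DIR_MALFORMED = -2 };  /* hypothetical codes */

/* Copy directive `name` from a comma-separated name=value or name="value"
 * list into out. out is always left as a valid NUL-terminated string.
 * Simplification: backslash escapes inside quotes are not handled. */
static int get_directive(const char *resp, const char *name,
                         char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    const char *p = resp;
    if (outlen == 0) return DIR_MALFORMED;
    out[0] = '\0';
    while (*p) {
        while (*p == ' ' || *p == ',') p++;            /* skip separators */
        int match = strncmp(p, name, nlen) == 0 && p[nlen] == '=';
        while (*p && *p != '=' && *p != ',') p++;      /* skip the name */
        if (*p != '=') continue;                       /* name with no value */
        p++;
        int quoted = (*p == '"');
        if (quoted) p++;
        const char *v = p;
        while (*p && (quoted ? *p != '"' : *p != ',')) p++;
        if (quoted && *p != '"') return DIR_MALFORMED; /* unterminated quote */
        if (match) {
            size_t n = (size_t)(p - v);
            if (n >= outlen) return DIR_MALFORMED;     /* value would not fit */
            memcpy(out, v, n);
            out[n] = '\0';
            return DIR_OK;
        }
        if (quoted) p++;                               /* past closing quote */
    }
    return DIR_MISSING;
}

/* Absent realm -> empty string; malformed realm -> reject (-1).
 * Either way the caller never dereferences an unset pointer. */
static int response_realm(const char *resp, char *realm, size_t len)
{
    return get_directive(resp, "realm", realm, len) == DIR_MALFORMED ? -1 : 0;
}

int main(void)
{
    char r[64];   /* constructed sample response with no realm directive */
    int rc = response_realm("username=\"alice\",nonce=\"abc\"", r, sizeof r);
    printf("rc=%d realm=\"%s\"\n", rc, r);
    return 0;
}
```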

Users of cyrus-sasl should upgrade to these updated packages, which contain a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

252339 - CVE-2006-1721 cyrus-sasl digest-md5 DoS

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cyrus-sasl-2.1.15-15.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cyrus-sasl-2.1.15-15.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cyrus-sasl-2.1.15-15.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cyrus-sasl-2.1.15-15.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFG3XV1XlSAg2UNWIIRAppTAJ9pRNVqcsitnmhkEtD9vzAtC9pTdgCdFYXh
/E1GdkCAo8MLLdAkVN6pclQ=
=qssv
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_20070878_01_moderate_cyrus_sasl_security_update.html)