[RHSA-2004:546-01] Updated cyrus-sasl packages fix security flaw
bugzilla at redhat.com
bugzilla at redhat.com
Thu Oct 7 15:00:00 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated cyrus-sasl packages fix security flaw
Advisory ID: RHSA-2004:546-01
Issue date: 2004-10-07
Updated on: 2004-10-07
Product: Red Hat Enterprise Linux
Keywords: environment
CVE Names: CAN-2004-0884
- ---------------------------------------------------------------------
1. Summary:
Updated cyrus-sasl packages that fix a setuid and setgid application
vulnerability are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is
the Simple Authentication and Security Layer, a method for adding
authentication support to connection-based protocols.
At application startup, libsasl and libsasl2 attempts to build a list
of all available SASL plug-ins which are available on the system. To do
so, the libraries search for and attempt to load every shared library found
within the plug-in directory. This location can be set with the SASL_PATH
environment variable.
In situations where an untrusted local user can affect the environment of a
privileged process, this behavior could be exploited to run arbitrary code
with the privileges of a setuid or setgid application. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0884 to this issue.
Users of cyrus-sasl should upgrade to these updated packages, which contain
backported patches and are not vulnerable to this issue.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/cyrus-sasl-1.5.24-26.src.rpm
adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm
i386:
0ecb1995b05aebf41e8c609b367e902f cyrus-sasl-1.5.24-26.i386.rpm
846a21bc2e1a84f37f9f43f973ebda44 cyrus-sasl-devel-1.5.24-26.i386.rpm
9d29af70b1dd3a98f8eba31fa796d338 cyrus-sasl-gssapi-1.5.24-26.i386.rpm
ddaf1332b6bdad447e1550fccab267eb cyrus-sasl-md5-1.5.24-26.i386.rpm
67c7f02257346ccbc236a02bbac49925 cyrus-sasl-plain-1.5.24-26.i386.rpm
ia64:
97497be93ad3074862be30b3eaf9fe46 cyrus-sasl-1.5.24-26.ia64.rpm
6c4362bc42c9c41f7eb07b61ee733320 cyrus-sasl-devel-1.5.24-26.ia64.rpm
bd3a433063c18f2384bc9249a58d8504 cyrus-sasl-gssapi-1.5.24-26.ia64.rpm
6d34fc4ff8ffda80308d02e82bcefc64 cyrus-sasl-md5-1.5.24-26.ia64.rpm
1eb867b4419336e95ffffec0a88fe01f cyrus-sasl-plain-1.5.24-26.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/cyrus-sasl-1.5.24-26.src.rpm
adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm
ia64:
97497be93ad3074862be30b3eaf9fe46 cyrus-sasl-1.5.24-26.ia64.rpm
6c4362bc42c9c41f7eb07b61ee733320 cyrus-sasl-devel-1.5.24-26.ia64.rpm
bd3a433063c18f2384bc9249a58d8504 cyrus-sasl-gssapi-1.5.24-26.ia64.rpm
6d34fc4ff8ffda80308d02e82bcefc64 cyrus-sasl-md5-1.5.24-26.ia64.rpm
1eb867b4419336e95ffffec0a88fe01f cyrus-sasl-plain-1.5.24-26.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/cyrus-sasl-1.5.24-26.src.rpm
adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm
i386:
0ecb1995b05aebf41e8c609b367e902f cyrus-sasl-1.5.24-26.i386.rpm
846a21bc2e1a84f37f9f43f973ebda44 cyrus-sasl-devel-1.5.24-26.i386.rpm
9d29af70b1dd3a98f8eba31fa796d338 cyrus-sasl-gssapi-1.5.24-26.i386.rpm
ddaf1332b6bdad447e1550fccab267eb cyrus-sasl-md5-1.5.24-26.i386.rpm
67c7f02257346ccbc236a02bbac49925 cyrus-sasl-plain-1.5.24-26.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/cyrus-sasl-1.5.24-26.src.rpm
adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm
i386:
0ecb1995b05aebf41e8c609b367e902f cyrus-sasl-1.5.24-26.i386.rpm
846a21bc2e1a84f37f9f43f973ebda44 cyrus-sasl-devel-1.5.24-26.i386.rpm
9d29af70b1dd3a98f8eba31fa796d338 cyrus-sasl-gssapi-1.5.24-26.i386.rpm
ddaf1332b6bdad447e1550fccab267eb cyrus-sasl-md5-1.5.24-26.i386.rpm
67c7f02257346ccbc236a02bbac49925 cyrus-sasl-plain-1.5.24-26.i386.rpm
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cyrus-sasl-2.1.15-9.src.rpm
aaf9ffaec315e592644d6daae68aae82 cyrus-sasl-2.1.15-9.src.rpm
i386:
ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm
6919e5fcd850ee85f783309cb1470aa5 cyrus-sasl-devel-2.1.15-9.i386.rpm
e9ad63b5a0afe14540367226f0433f4b cyrus-sasl-gssapi-2.1.15-9.i386.rpm
1f88d0820350da52c6366cb1212b8936 cyrus-sasl-md5-2.1.15-9.i386.rpm
8be156532f450097531cb90774a10385 cyrus-sasl-plain-2.1.15-9.i386.rpm
ia64:
6bbbc7ee16697a0cb1009b3730fef0ba cyrus-sasl-2.1.15-9.ia64.rpm
ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm
d2580374e50340bf14d956974a3fb451 cyrus-sasl-devel-2.1.15-9.ia64.rpm
37fcb197c372282ee31dff7d2d81566c cyrus-sasl-gssapi-2.1.15-9.ia64.rpm
444f44cdba6333e1343e23e6d67e6ce6 cyrus-sasl-md5-2.1.15-9.ia64.rpm
8d4d75121ec2e6987f319381ac601716 cyrus-sasl-plain-2.1.15-9.ia64.rpm
ppc:
0dc0857831f3e90217f8f3fd27da70eb cyrus-sasl-2.1.15-9.ppc.rpm
383e13e965189970e5a5f826c6c03af2 cyrus-sasl-devel-2.1.15-9.ppc.rpm
04c195d25dd2d29e808c61f32361428c cyrus-sasl-gssapi-2.1.15-9.ppc.rpm
782939ca66fdae0de95696cd4e903d40 cyrus-sasl-md5-2.1.15-9.ppc.rpm
c9549f71008205a824ed0426c3b873cb cyrus-sasl-plain-2.1.15-9.ppc.rpm
ppc64:
053c8601822ab5206cdc7db1e35e0ea0 cyrus-sasl-2.1.15-9.ppc64.rpm
s390:
adcb50ec0fb14951af6bfe006bc7a295 cyrus-sasl-2.1.15-9.s390.rpm
8dab6edb113343ea0b5550ff7635cded cyrus-sasl-devel-2.1.15-9.s390.rpm
a6c9955bb6df5a16a1012ded6df2eb27 cyrus-sasl-gssapi-2.1.15-9.s390.rpm
9873745733c8ad088251b09bec06a376 cyrus-sasl-md5-2.1.15-9.s390.rpm
07d56edf20dd4d7cf705c8e246329466 cyrus-sasl-plain-2.1.15-9.s390.rpm
s390x:
111e650ab71231c95143847f60a7237b cyrus-sasl-2.1.15-9.s390x.rpm
adcb50ec0fb14951af6bfe006bc7a295 cyrus-sasl-2.1.15-9.s390.rpm
2b0b6453e0738875aaef6a8958ced9fc cyrus-sasl-devel-2.1.15-9.s390x.rpm
72a6318fe8f7a7af727698d98ffc3b0e cyrus-sasl-gssapi-2.1.15-9.s390x.rpm
a45b9c7802f581e14f17d0daa04e8340 cyrus-sasl-md5-2.1.15-9.s390x.rpm
5ee2ddc76df85de40f8fb7d9a42fe81c cyrus-sasl-plain-2.1.15-9.s390x.rpm
x86_64:
7008444c7feb4516e29f4af965be2d3c cyrus-sasl-2.1.15-9.x86_64.rpm
ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm
f063da2d593dfca9bbffed47e74992a6 cyrus-sasl-devel-2.1.15-9.x86_64.rpm
bced324f78f7d7453d3756e7d23a461b cyrus-sasl-gssapi-2.1.15-9.x86_64.rpm
1261e9ccb900f36592ddfa09c64ba354 cyrus-sasl-md5-2.1.15-9.x86_64.rpm
4ea63d22a136b332f5c405a5c43e1f96 cyrus-sasl-plain-2.1.15-9.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cyrus-sasl-2.1.15-9.src.rpm
aaf9ffaec315e592644d6daae68aae82 cyrus-sasl-2.1.15-9.src.rpm
i386:
ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm
6919e5fcd850ee85f783309cb1470aa5 cyrus-sasl-devel-2.1.15-9.i386.rpm
e9ad63b5a0afe14540367226f0433f4b cyrus-sasl-gssapi-2.1.15-9.i386.rpm
1f88d0820350da52c6366cb1212b8936 cyrus-sasl-md5-2.1.15-9.i386.rpm
8be156532f450097531cb90774a10385 cyrus-sasl-plain-2.1.15-9.i386.rpm
x86_64:
7008444c7feb4516e29f4af965be2d3c cyrus-sasl-2.1.15-9.x86_64.rpm
ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm
f063da2d593dfca9bbffed47e74992a6 cyrus-sasl-devel-2.1.15-9.x86_64.rpm
bced324f78f7d7453d3756e7d23a461b cyrus-sasl-gssapi-2.1.15-9.x86_64.rpm
1261e9ccb900f36592ddfa09c64ba354 cyrus-sasl-md5-2.1.15-9.x86_64.rpm
4ea63d22a136b332f5c405a5c43e1f96 cyrus-sasl-plain-2.1.15-9.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cyrus-sasl-2.1.15-9.src.rpm
aaf9ffaec315e592644d6daae68aae82 cyrus-sasl-2.1.15-9.src.rpm
i386:
ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm
6919e5fcd850ee85f783309cb1470aa5 cyrus-sasl-devel-2.1.15-9.i386.rpm
e9ad63b5a0afe14540367226f0433f4b cyrus-sasl-gssapi-2.1.15-9.i386.rpm
1f88d0820350da52c6366cb1212b8936 cyrus-sasl-md5-2.1.15-9.i386.rpm
8be156532f450097531cb90774a10385 cyrus-sasl-plain-2.1.15-9.i386.rpm
ia64:
6bbbc7ee16697a0cb1009b3730fef0ba cyrus-sasl-2.1.15-9.ia64.rpm
ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm
d2580374e50340bf14d956974a3fb451 cyrus-sasl-devel-2.1.15-9.ia64.rpm
37fcb197c372282ee31dff7d2d81566c cyrus-sasl-gssapi-2.1.15-9.ia64.rpm
444f44cdba6333e1343e23e6d67e6ce6 cyrus-sasl-md5-2.1.15-9.ia64.rpm
8d4d75121ec2e6987f319381ac601716 cyrus-sasl-plain-2.1.15-9.ia64.rpm
x86_64:
7008444c7feb4516e29f4af965be2d3c cyrus-sasl-2.1.15-9.x86_64.rpm
ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm
f063da2d593dfca9bbffed47e74992a6 cyrus-sasl-devel-2.1.15-9.x86_64.rpm
bced324f78f7d7453d3756e7d23a461b cyrus-sasl-gssapi-2.1.15-9.x86_64.rpm
1261e9ccb900f36592ddfa09c64ba354 cyrus-sasl-md5-2.1.15-9.x86_64.rpm
4ea63d22a136b332f5c405a5c43e1f96 cyrus-sasl-plain-2.1.15-9.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cyrus-sasl-2.1.15-9.src.rpm
aaf9ffaec315e592644d6daae68aae82 cyrus-sasl-2.1.15-9.src.rpm
i386:
ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm
6919e5fcd850ee85f783309cb1470aa5 cyrus-sasl-devel-2.1.15-9.i386.rpm
e9ad63b5a0afe14540367226f0433f4b cyrus-sasl-gssapi-2.1.15-9.i386.rpm
1f88d0820350da52c6366cb1212b8936 cyrus-sasl-md5-2.1.15-9.i386.rpm
8be156532f450097531cb90774a10385 cyrus-sasl-plain-2.1.15-9.i386.rpm
ia64:
6bbbc7ee16697a0cb1009b3730fef0ba cyrus-sasl-2.1.15-9.ia64.rpm
ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm
d2580374e50340bf14d956974a3fb451 cyrus-sasl-devel-2.1.15-9.ia64.rpm
37fcb197c372282ee31dff7d2d81566c cyrus-sasl-gssapi-2.1.15-9.ia64.rpm
444f44cdba6333e1343e23e6d67e6ce6 cyrus-sasl-md5-2.1.15-9.ia64.rpm
8d4d75121ec2e6987f319381ac601716 cyrus-sasl-plain-2.1.15-9.ia64.rpm
x86_64:
7008444c7feb4516e29f4af965be2d3c cyrus-sasl-2.1.15-9.x86_64.rpm
ee9649ea378ae6e28af20b2dffaca059 cyrus-sasl-2.1.15-9.i386.rpm
f063da2d593dfca9bbffed47e74992a6 cyrus-sasl-devel-2.1.15-9.x86_64.rpm
bced324f78f7d7453d3756e7d23a461b cyrus-sasl-gssapi-2.1.15-9.x86_64.rpm
1261e9ccb900f36592ddfa09c64ba354 cyrus-sasl-md5-2.1.15-9.x86_64.rpm
4ea63d22a136b332f5c405a5c43e1f96 cyrus-sasl-plain-2.1.15-9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package
6. References:
https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/common.c.diff?r1=1.103&r2=1.104
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0884
7. Contact:
The Red Hat security contact is <secalert at redhat.com>. More contact
details at https://www.redhat.com/security/team/contact.html
Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBZVnwXlSAg2UNWIIRAiFIAKC5LyaTd3UtgsnkMBvHNIJ/wOkhsgCgkGLu
xEtqqBoy1yXnrT7xiUkQnuk=
=k9ul
-----END PGP SIGNATURE-----
More information about the Enterprise-watch-list
mailing list