Fedora Legacy Test Update Notification: cyrus-sasl

Dominic Hargreaves dom at earth.li
Thu Feb 3 23:29:33 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2137
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2137
2005-02-03
---------------------------------------------------------------------

Name        : cyrus-sasl
7.3 Version : cyrus-sasl-1.5.24-25.2.legacy
9 Version   : cyrus-sasl-2.1.10-4.2.legacy
fc1 Version : cyrus-sasl-2.1.15-6.2.legacy
Summary     : The Cyrus SASL library.
Description :
The cyrus-sasl package contains the Cyrus implementation of SASL.
SASL is the Simple Authentication and Security Layer, a method for
adding authentication support to connection-based protocols.

---------------------------------------------------------------------
Update Information:

At application startup, libsasl and libsasl2 attempt to build a list
of all SASL plug-ins available on the system.  To do so, the libraries
search for and attempt to load every shared library found within the
plug-in directory.  This location can be set with the SASL_PATH
environment variable.

In situations where an untrusted local user can affect the environment of a
privileged process, this behavior could be exploited to run arbitrary code
with the privileges of a setuid or setgid application.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0884 to this issue.

---------------------------------------------------------------------
7.3 changelog:

* Wed Oct 13 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.5.24-25.2.legacy

- Added better patch for SASL_PATH vulnerability (CAN-2004-0884)

* Tue Oct 05 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.5.24-25.1.legacy

- Added security patch for SASL_PATH vulnerability

9 changelog:

* Wed Oct 13 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.1.10-4.2.legacy

- Added better patches for SASL_PATH vulnerability (CAN-2004-0884)

* Tue Oct 05 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.1.10-4.1.legacy

- Added security patches for SASL_PATH vulnerability

fc1 changelog:

* Wed Oct 13 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.1.15-6.2.legacy

- Added better patches for SASL_PATH vulnerability (CAN-2004-0884)

* Tue Oct 05 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.1.15-6.1.legacy

- Added security patches for SASL_PATH vulnerability

---------------------------------------------------------------------
This update can be downloaded from:
   http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.
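
The SASL_PATH issue described under "Update Information", as an added example that is not part of the original notification and is not the patch shipped in these packages: one way for a library to decide whether to honour an environment-supplied plug-in directory. The default directory, the function names, and the handling of the value as a colon-separated list are assumptions of this sketch.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed compiled-in plug-in directory; the real value is build-specific. */
#define DEFAULT_PLUGIN_DIR "/usr/lib/sasl2"

/* True when the process holds more privilege than its invoker,
 * i.e. it was started from a setuid or setgid binary. */
static int is_privileged(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Every colon-separated entry must be an absolute path: empty or relative
 * entries would resolve against a working directory the caller chooses. */
static int all_entries_absolute(const char *path)
{
    const char *p = path;
    for (;;) {
        if (*p != '/')
            return 0;
        p = strchr(p, ':');
        if (p == NULL)
            return 1;
        p++;
    }
}

/* Pure decision function: the environment override is ignored whenever the
 * invoker could use it to steer a privileged process to its own directory. */
const char *choose_plugin_path(const char *env_value,
                               uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    if (env_value == NULL || *env_value == '\0')
        return DEFAULT_PLUGIN_DIR;
    if (is_privileged(ruid, euid, rgid, egid))
        return DEFAULT_PLUGIN_DIR;
    if (!all_entries_absolute(env_value))
        return DEFAULT_PLUGIN_DIR;
    return env_value;
}

/* Wrapper using the live process credentials and environment. */
const char *plugin_search_path(void)
{
    return choose_plugin_path(getenv("SASL_PATH"),
                              getuid(), geteuid(), getgid(), getegid());
}
```

The credential check runs before any directory is opened, so a setuid or setgid caller never scans a location named by its invoker.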