Fedora Legacy Test Update Notification: cyrus-sasl
Dominic Hargreaves
dom at earth.li
Thu Feb 3 23:29:33 UTC 2005
---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2137
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2137
2005-02-03
---------------------------------------------------------------------
Name : cyrus-sasl
7.3 Version : cyrus-sasl-1.5.24-25.2.legacy
9 Version : cyrus-sasl-2.1.10-4.2.legacy
fc1 Version : cyrus-sasl-2.1.15-6.2.legacy
Summary : The Cyrus SASL library.
Description :
The cyrus-sasl package contains the Cyrus implementation of SASL.
SASL is the Simple Authentication and Security Layer, a method for
adding authentication support to connection-based protocols.
---------------------------------------------------------------------
Update Information:
At application startup, libsasl and libsasl2 attempt to build a list
of all SASL plug-ins available on the system. To do so, the libraries
search for and attempt to load every shared library found within the
plug-in directory. This location can be set with the SASL_PATH
environment variable.
In situations where an untrusted local user can affect the environment of a
privileged process, this behavior could be exploited to run arbitrary code
with the privileges of a setuid or setgid application. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0884 to this issue.
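
The defensive check this class of bug calls for, as an added example (not part of the original advisory, and not the Fedora Legacy or Cyrus SASL patch). The function names and DEFAULT_PLUGIN_DIR are hypothetical; rejecting relative path entries goes one step beyond what the advisory describes.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed default for illustration; the real directory is a build-time setting. */
#define DEFAULT_PLUGIN_DIR "/usr/lib/sasl2"

/* Returns 1 when effective credentials differ from the real ones, i.e. the
 * process was started from a setuid or setgid binary. */
static int runs_privileged(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Decide which plug-in directory list to search.
 * env_value is the raw SASL_PATH value, or NULL when it is unset. */
const char *choose_plugin_path(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid,
                               const char *env_value)
{
    /* A privileged process never takes the plug-in path from its caller. */
    if (runs_privileged(ruid, euid, rgid, egid))
        return DEFAULT_PLUGIN_DIR;
    if (env_value == NULL || env_value[0] == '\0')
        return DEFAULT_PLUGIN_DIR;
    /* Every colon-separated entry must be absolute; an empty or relative
     * entry would resolve against the current working directory. */
    for (const char *p = env_value; p != NULL; ) {
        if (*p != '/')
            return DEFAULT_PLUGIN_DIR;
        p = strchr(p, ':');
        if (p != NULL)
            p++;
    }
    return env_value;
}

/* Wrapper that applies the decision to the running process. */
const char *plugin_path_for_this_process(void)
{
    return choose_plugin_path(getuid(), geteuid(), getgid(), getegid(),
                              getenv("SASL_PATH"));
}
```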
---------------------------------------------------------------------
7.3 changelog:
* Wed Oct 13 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.5.24-25.2.legacy
- Added better patch for SASL_PATH vulnerability (CAN-2004-0884)
* Tue Oct 05 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.5.24-25.1.legacy
- Added security patch for SASL_PATH vulnerability
9 changelog:
* Wed Oct 13 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.1.10-4.2.legacy
- Added better patches for SASL_PATH vulnerability (CAN-2004-0884)
* Tue Oct 05 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.1.10-4.1.legacy
- Added security patches for SASL_PATH vulnerability
fc1 changelog:
* Wed Oct 13 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.1.15-6.2.legacy
- Added better patches for SASL_PATH vulnerability (CAN-2004-0884)
* Tue Oct 05 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 2.1.15-6.1.legacy
- Added security patches for SASL_PATH vulnerability
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)
---------------------------------------------------------------------
Please test and comment in bugzilla.