The cyrus-sasl package contains the Cyrus implementation of SASL.
SASL is the Simple Authentication and Security Layer, a method for
adding authentication support to connection-based protocols.
A bug was found in cyrus-sasl’s DIGEST-MD5 authentication mechanism. As
part of the DIGEST-MD5 authentication exchange, the client is expected to
send a specific set of information to the server. If one of these items
(the “realm”) was not sent or was malformed, it was possible for a remote
unauthenticated attacker to cause a denial of service (segmentation fault)
on the server. (CVE-2006-1721)
Users of cyrus-sasl should upgrade to these updated packages, which contain a
backported patch to correct this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | ppc64 | cyrus-sasl-md5 | < 2.1.15-15 | cyrus-sasl-md5-2.1.15-15.ppc64.rpm |
RedHat | any | ppc64 | cyrus-sasl-plain | < 2.1.15-15 | cyrus-sasl-plain-2.1.15-15.ppc64.rpm |
RedHat | any | ppc | cyrus-sasl-plain | < 2.1.15-15 | cyrus-sasl-plain-2.1.15-15.ppc.rpm |
RedHat | any | ppc | cyrus-sasl-md5 | < 2.1.15-15 | cyrus-sasl-md5-2.1.15-15.ppc.rpm |
RedHat | any | ppc64 | cyrus-sasl-gssapi | < 2.1.15-15 | cyrus-sasl-gssapi-2.1.15-15.ppc64.rpm |
RedHat | any | ppc | cyrus-sasl-devel | < 2.1.15-15 | cyrus-sasl-devel-2.1.15-15.ppc.rpm |
RedHat | any | ppc64 | cyrus-sasl | < 2.1.15-15 | cyrus-sasl-2.1.15-15.ppc64.rpm |
RedHat | any | ppc | cyrus-sasl-gssapi | < 2.1.15-15 | cyrus-sasl-gssapi-2.1.15-15.ppc.rpm |
RedHat | any | ppc | cyrus-sasl | < 2.1.15-15 | cyrus-sasl-2.1.15-15.ppc.rpm |