Google Site SearchFN Site Search FN Blog Login FN Blog Login
Site Navigation:
 
 

Fedora Update

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
This update can be installed with Yum Update Agent; you can type 'yum update' command in the terminal.
This update can also be installed with the Red Hat Update Agent; you can launch the Red Hat Update Agent with the 'up2date' command in the terminal.

[SECURITY] Fedora Core 2 Update: cyrus-sasl-2.1.18-2.2

[NEWS] 2004-10-11
The advisory ID in the origianl Fedora Update Announcement has been corrected.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-332
2004-10-08
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : cyrus-sasl
Version     : 2.1.18                      
Release     : 2.2                  
Summary     : The Cyrus SASL library.
Description :
The cyrus-sasl package contains the Cyrus implementation of SASL.
SASL is the Simple Authentication and Security Layer, a method for
adding authentication support to connection-based protocols.

---------------------------------------------------------------------
Update Information:

At application startup, libsasl and libsasl2 attempt to build a list
of all SASL plug-ins which are available on the system.  To do so,
the libraries search for and attempt to load every shared library
found within the plug-in directory.  This location can be set with
the SASL_PATH environment variable.

In situations where an untrusted local user can affect the
environment of a privileged process, this behavior could be exploited
to run arbitrary code with the privileges of a setuid or setgid
application.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0884 to this issue.

Users of cyrus-sasl should upgrade to these updated packages, which
contain backported patches and are not vulnerable to this issue.

---------------------------------------------------------------------

* Thu Oct 07 2004 Nalin Dahyabhai  2.1.18-2.2

- use notting's fix for incorrect patch for CAN-2004-0884 for 1.5.28

* Thu Oct 07 2004 Nalin Dahyabhai  2.1.18-2.1

- don't trust the environment in setuid/setgid contexts (CAN-2004-0884, #134660)

---------------------------------------------------------------------
This update can be downloaded from:
 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

74c6c5f219ade64c4514ec64dab48376  SRPMS/cyrus-sasl-2.1.18-2.2.src.rpm
f3095f3563e54d3f6a8481560542ff64  x86_64/cyrus-sasl-2.1.18-2.2.x86_64.rpm
ab802d3faa874f078051109578b698e9  x86_64/cyrus-sasl-devel-2.1.18-2.2.x86_64.rpm
e9569f4c67f59de333fa6beca6260e7d  x86_64/cyrus-sasl-gssapi-2.1.18-2.2.x86_64.rpm
5ab29e7ad1bbca0d098984ec73e8b6a8  x86_64/cyrus-sasl-plain-2.1.18-2.2.x86_64.rpm
b9b362e882c9950a5da33f15bb5207f0  x86_64/cyrus-sasl-md5-2.1.18-2.2.x86_64.rpm
270d6d4738a4a674ff79256cf42ea0a4  x86_64/debug/cyrus-sasl-debuginfo-2.1.18-2.2.x86_64.rpm
c8b8e3c700ef3e48b53eab20e6ee7f62  i386/cyrus-sasl-2.1.18-2.2.i386.rpm
1ae4633b8efae2f9c7b963398cee58c5  i386/cyrus-sasl-devel-2.1.18-2.2.i386.rpm
1e9062a935b0ae9482dd190ead4b099c  i386/cyrus-sasl-gssapi-2.1.18-2.2.i386.rpm
40e096e298d95ce2a6d24b7cf4cf8ef1  i386/cyrus-sasl-plain-2.1.18-2.2.i386.rpm
fbea0811ec245e404637c651b10f1e64  i386/cyrus-sasl-md5-2.1.18-2.2.i386.rpm
9370a1bbf9ca58297a1d721f929113e4  i386/debug/cyrus-sasl-debuginfo-2.1.18-2.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------