Cyrus SASL Library Username Heap Corruption Vulnerability

Cyrus SASL Library Username Heap Corruption Vulnerability

Solution:
It is recommended that all Gentoo Linux users who are running
dev-libs/cyrus-sasl-2.1.9 update their systems as follows:

emerge rsync
emerge cyrus-sasl
emerge clean

This issue has been fixed in version 2.1.10. Users are advised to upgrade as soon as possible.

Apple has released advisory (Security Update 2005-003) to address various issues. Please see the referenced advisory for more information. Updates for Mac OS X v10.3.8 and Mac OS X Server v10.3.8 are available.

Apple Mac OS X 10.3.8

Apple SecUpd2005-003Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05529&plat form=osx&method=sa/SecUpd2005-003Pan.dmg

Apple Mac OS X Server 10.3.8

Apple SecUpdSrvr2005-003Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05530&plat form=osx&method=sa/SecUpdSrvr2005-003Pan.dmg

Cyrus SASL 2.1.9

Cyrus SASL 2.1.10
ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.10.tar.gz

RedHat cyrus-sasl-2.1.10-1.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/cyrus-sasl-2.1.10-1.i386.rpm

RedHat cyrus-sasl-devel-2.1.10-1.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/cyrus-sasl-devel-2.1.10-1.i386 .rpm

RedHat cyrus-sasl-gssapi-2.1.10-1.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/cyrus-sasl-gssapi-2.1.10-1.i38 6.rpm

RedHat cyrus-sasl-md5-2.1.10-1.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/cyrus-sasl-md5-2.1.10-1.i386.r pm

RedHat cyrus-sasl-plain-2.1.10-1.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/cyrus-sasl-plain-2.1.10-1.i386 .rpm