Cyrus SASL Multiple Remote And Local Vulnerabilities

Solution:
Conectiva has released an advisory (CLSA-2005:959) along with fixes available dealing with this issue. Please see the referenced advisory for more information.

The Fedora Legacy project has released advisory FLSA:2137 to address this issue for RedHat Fedora Core 1. Please see the referenced advisory for further information.

Red Hat has released an updated advisory RHSA-2004:546-18 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

Gentoo Linux has released an advisory dealing with this issue. Gentoo has advised that all Cyrus-SASL users should upgrade to the latest stable version:

# emerge sync

# emerge -pv ">=dev-libs/cyrus-sasl-2.1.18-r2"
# emerge ">=dev-libs/cyrus-sasl-2.1.18-r2"

For more information, please see the referenced Gentoo advisory.

Mandrake Linux has released advisory MDKSA-2004:106 along with fixes dealing with this issue. Please see the referenced advisory for more information.

Trustix Secure Linux has made an advisory (TSLSA-2004-0053) along with fixes available dealing with this issue. Please see the referenced advisory for more information.

Red Hat has released an advisory to address these issues in Fedora Core 2. Please see the referenced advisory for more information.

Debian has released an advisory (DSA 563-1) along with fixes available dealing with this issue. Please see the referenced advisory for more information.

Debian has updated advisory (DSA 563-1 to DSA 563-2) to address problems with the fixes released in the original advisory. Please see the referenced advisory for more information.

Debian has updated advisory (DSA 563-2 to DSA 563-3) to address problems with the fixes released in the original advisory. Please see the referenced advisory for more information.

Debian has released an advisory (DSA 568-1) dealing with this issue for the Cyrus SASL MIT packages. Please see the referenced advisory for more information.

Conectiva Linux has released advisory CLA-2004:889 along with fixes to address this issue. Please see the referenced advisory for further information.

OpenPKG security advisory OpenPKG-SA-2005.004 is available to address this issue. Please see the referenced advisory for further information.

SuSE has released advisory SUSE-SA:2005:013 to address the digestmda5 issue (CAN-2005-0373). Please see the referenced advisory for details on obtaining and applying fixes.

Mandrake Linux has released advisory MDKSA-2005:054 dealing with the digestmda5 issue (CAN-2005-0373). Please see the referenced advisory for details on obtaining and applying fixes.

Apple has released advisory (Security Update 2005-003) to address various issues. Please see the referenced advisory for more information. Updates for Mac OS X v10.3.8 and Mac OS X Server v10.3.8 are available.


Cyrus-Utils SASL 1.5.24

Cyrus-Utils SASL 1.5.27

Apple Mac OS X 10.3.8

Apple Mac OS X Server 10.3.8

Cyrus-Utils SASL 2.1.10

Cyrus-Utils SASL 2.1.12

Cyrus-Utils SASL 2.1.15

Cyrus-Utils SASL 2.1.18


 

Privacy Statement
Copyright 2010, SecurityFocus