Bugtraq mailing list archives

[USN-272-1] cyrus-sasl2 vulnerability
From: Martin Pitt <martin.pitt () canonical com>
Date: Mon, 24 Apr 2006 14:40:33 +0200

===========================================================
Ubuntu Security Notice USN-272-1             April 24, 2006
cyrus-sasl2 vulnerability
CVE-2006-1721
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libsasl2-modules-gssapi-heimdal

The problem can be corrected by upgrading the affected package to
version 2.1.19-1.3ubuntu0.1 (for Ubuntu 4.10), 2.1.19-1.5ubuntu1.1
(for Ubuntu 5.04), or 2.1.19-1.5ubuntu4.2 (for Ubuntu 5.10).  In
general, a standard system upgrade is sufficient to effect the
necessary changes.

If you configured Postfix, OpenLDAP or possibly other server
applications to use SASL with the DIGEST-MD5 plugin, you need to
restart these services after the security upgrade.
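
A process that loaded SASL before the upgrade keeps the replaced file mapped, and /proc/PID/maps marks such a mapping "(deleted)", so the restart requirement above can be checked mechanically. The script below is an added example, not part of the advisory; it assumes SASL library and plugin paths contain "sasl2", and the fixture's paths and process names are constructed.

```shell
#!/bin/sh
# Added example (not part of the advisory): list processes that still map a
# pre-upgrade SASL library or plugin and therefore still need a restart.
# Assumption: SASL library/plugin files live in paths containing "sasl2".

# stale_sasl_maps FILE: print mapped "sasl2" paths marked "(deleted)" in a
# /proc/PID/maps-format FILE (the file on disk was replaced by the upgrade).
stale_sasl_maps() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /sasl2/ { print $(NF-1) }' "$1" | sort -u
}

# scan_procs [PROC_ROOT]: print "PID NAME" for each process with a stale mapping.
scan_procs() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        [ -n "$(stale_sasl_maps "$maps" 2>/dev/null)" ] || continue
        dir=${maps%/maps}
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null)
        printf '%s %s\n' "${dir##*/}" "$name"
    done
}

# make_fixture DIR: constructed sample /proc tree (two fake processes).
make_fixture() {
    mkdir -p "$1/101" "$1/202"
    printf 'Name:\tslapd\n' > "$1/101/status"
    printf 'Name:\tmaster\n' > "$1/202/status"
    cat > "$1/101/maps" <<'EOF'
08048000-08100000 r-xp 00000000 08:01 1001 /usr/sbin/slapd
b7d5a000-b7d6e000 r-xp 00000000 08:01 2002 /usr/lib/libsasl2.so.2.0.19 (deleted)
b7d20000-b7d2a000 r-xp 00000000 08:01 2003 /usr/lib/sasl2/libdigestmd5.so.2.0.19 (deleted)
EOF
    cat > "$1/202/maps" <<'EOF'
08048000-08060000 r-xp 00000000 08:01 1002 /usr/lib/postfix/master
b7d5a000-b7d6e000 r-xp 00000000 08:01 2010 /usr/lib/libsasl2.so.2.0.19
EOF
}

# Run with --demo to scan the constructed fixture, or no arguments for /proc.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_fixture "$tmp" && scan_procs "$tmp"; rm -rf "$tmp"
else
    scan_procs
fi
```

Run it as root after the upgrade so that every process's maps file is readable; any process it lists is still executing the old code until restarted.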


Details follow:

A Denial of Service vulnerability has been discovered in the SASL
authentication library when using the DIGEST-MD5 plugin. By sending a
specially crafted realm name, a malicious SASL server could exploit
this to crash the application that uses SASL.


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.3ubuntu0.1.diff.gz
      Size/MD5:    31295 28e26e81bea870375a9044475339913f
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.3ubuntu0.1.dsc
      Size/MD5:     1082 4131240372a9da4d2da02c9165d63bc8
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.orig.tar.gz
      Size/MD5:  1531667 670f9a0c0a99cf09d679cd5c859a3715

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.3ubuntu0.1_amd64.deb
      Size/MD5:   258820 86d5866babc1766104f4b66ab2fed360
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_amd64.deb
      Size/MD5:    54526 6b723bbd20889704ca2cbd95067f151d
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_amd64.deb
      Size/MD5:    54196 fd9c85128b607d7df0339033102363db
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_amd64.deb
      Size/MD5:    52524 1ef5d455faa9f522ace1c7b06aff8ca0
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.3ubuntu0.1_amd64.deb
      Size/MD5:   171254 0c0b5377e38c80bc53a36aa4bb9d38fe
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.3ubuntu0.1_amd64.deb
      Size/MD5:   264802 3a8f1cde60bc029316fc1a9948a1eeea
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.3ubuntu0.1_amd64.deb
      Size/MD5:   117620 82cdfbb8f1883a52682a2808fe4ec98e

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.3ubuntu0.1_i386.deb
      Size/MD5:   242882 26d8e5125fd2b51b67a8217bd1efa180
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_i386.deb
      Size/MD5:    52458 1e946756a860b576f046215d797e0c5b
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_i386.deb
      Size/MD5:    52298 8d3e15320e81595c47f620b84d683008
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_i386.deb
      Size/MD5:    50400 6f84abc1a297ec90540b69f017c92191
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.3ubuntu0.1_i386.deb
      Size/MD5:   152680 902f2fa39200df4c9ac4e8cfcab8d5a1
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.3ubuntu0.1_i386.deb
      Size/MD5:   258066 7033a447f8e1847b93312bfa9f9c02ec
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.3ubuntu0.1_i386.deb
      Size/MD5:   110840 64ed0e4b55f330ad24045809e72ccd06

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.3ubuntu0.1_powerpc.deb
      Size/MD5:   264940 70dd4d15d19b170f1c70d38d0bc10193
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_powerpc.deb
      Size/MD5:    56018 5b54526494ddf58a33e4bdf543bba780
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_powerpc.deb
      Size/MD5:    56380 56032db698c428dcbe75b4d757512b93
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_powerpc.deb
      Size/MD5:    55278 14739969a83cde545f3b0e66f8ce3101
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.3ubuntu0.1_powerpc.deb
      Size/MD5:   194980 c1e2415b877b8193fe354b1b94d967c6
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.3ubuntu0.1_powerpc.deb
      Size/MD5:   267870 9a90c5d48cad62a75d2407ad599fc154
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.3ubuntu0.1_powerpc.deb
      Size/MD5:   121432 f23c6ac86b2abd990251f3ea30a283bd

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5ubuntu1.1.diff.gz
      Size/MD5:    31862 3524326b12a7f4c2a54083112a441980
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5ubuntu1.1.dsc
      Size/MD5:     1123 6dc5725b50d570fdc3afaa31f6243fc2
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.orig.tar.gz
      Size/MD5:  1531667 670f9a0c0a99cf09d679cd5c859a3715

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu1.1_amd64.deb
      Size/MD5:   259210 287831264637aedc415a393847aaa066
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu1.1_amd64.deb
      Size/MD5:    54948 17e37f99a905e84cd76351fcbeac834c
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu1.1_amd64.deb
      Size/MD5:    54588 ab164006d7872d14c6778bd132ed1b23
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5ubuntu1.1_amd64.deb
      Size/MD5:    52918 742856dceb4a990996f168a115b5d2f7
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5ubuntu1.1_amd64.deb
      Size/MD5:   171660 e8ebfc525ada0011c5860a8ea820c6aa
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5ubuntu1.1_amd64.deb
      Size/MD5:   265256 9be5062981bdea93da18e3a24fbbb061
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5ubuntu1.1_amd64.deb
      Size/MD5:   118028 807e7c5b7e0837c5bf93e7a2963f18ef

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu1.1_i386.deb
      Size/MD5:   243314 a0a5e5f019fabd504c1168ce60f053ec
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu1.1_i386.deb
      Size/MD5:    52906 dfb616094ef57f7591ad8f966b4b4d03
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu1.1_i386.deb
      Size/MD5:    52722 03f25ef77dfd9c2cce364101ed0ed633
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5ubuntu1.1_i386.deb
      Size/MD5:    50824 9150dd1343df64ee2c57eb240ecfe498
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5ubuntu1.1_i386.deb
      Size/MD5:   153116 dee82b6c2ca3f763075ff3d5e824ee55
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5ubuntu1.1_i386.deb
      Size/MD5:   258560 df153bf88fae21444d00afe5c5c1fc90
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5ubuntu1.1_i386.deb
      Size/MD5:   110772 5566e338cc8f4ebb754b5dc5a25b7a00

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu1.1_powerpc.deb
      Size/MD5:   265354 ebe27122c4b062fa1f1ef906830c19c2
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu1.1_powerpc.deb
      Size/MD5:    56622 7274aa84b2169d61ae8a5f8f1fe167d0
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu1.1_powerpc.deb
      Size/MD5:    56820 e9b6941fba543aedad4233c093a7ef86
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5ubuntu1.1_powerpc.deb
      Size/MD5:    55704 80c45956bd1585e718eeefa64843d017
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5ubuntu1.1_powerpc.deb
      Size/MD5:   195596 696a075b2b9a10ee61721dfca74368b4
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5ubuntu1.1_powerpc.deb
      Size/MD5:   268496 1d4a058025aa4210dc4aea5642e126ef
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5ubuntu1.1_powerpc.deb
      Size/MD5:   122386 71f7a563360db5af4cff6a922e6cdc88

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5ubuntu4.2.diff.gz
      Size/MD5:    32238 4379bdd1b85a544b1b8200f4bd75ef22
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5ubuntu4.2.dsc
      Size/MD5:     1118 3dd711ae4a6b42a25c3ba17c5f9a0184
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.orig.tar.gz
      Size/MD5:  1531667 670f9a0c0a99cf09d679cd5c859a3715

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu4.2_amd64.deb
      Size/MD5:   258702 06e792a8a438c8347e364516d2d481e1
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu4.2_amd64.deb
      Size/MD5:    55334 03cebb2b22658b6171a75ea73940b44e
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu4.2_amd64.deb
      Size/MD5:    54902 32f5cdff758267e7e67c2901b12b3262
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5ubuntu4.2_amd64.deb
      Size/MD5:    53392 8acf7ae921df96d2460503f4b100d1e9
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5ubuntu4.2_amd64.deb
      Size/MD5:   170336 c7067225cf809df464530d11700f4b1a
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5ubuntu4.2_amd64.deb
      Size/MD5:   265392 9519f2faec1133bf07bd4e6262b37674
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5ubuntu4.2_amd64.deb
      Size/MD5:   120368 c62cca6d7ddbab89ca1d6618a9a4301e

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu4.2_i386.deb
      Size/MD5:   238452 43b2451a409fa46438c1ed6001ad0518
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu4.2_i386.deb
      Size/MD5:    52186 1fd7114b1c355e934f0b3363bed46293
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu4.2_i386.deb
      Size/MD5:    52068 58fab05b8c2d7c3e79a6101916aeff76
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5ubuntu4.2_i386.deb
      Size/MD5:    50668 4227edf80ec5b33196b605221d2637bf
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5ubuntu4.2_i386.deb
      Size/MD5:   148696 ef3c461dd0ef63c66d0c2445f98db5c2
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5ubuntu4.2_i386.deb
      Size/MD5:   257950 b471034597675dbfb182134de1bcffae
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5ubuntu4.2_i386.deb
      Size/MD5:   110322 77f37efe9cf5edabced6ffb2a2c4937d

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu4.2_powerpc.deb
      Size/MD5:   263098 d1e24e56a8e8ea8f45fb20125afb513a
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu4.2_powerpc.deb
      Size/MD5:    57070 62459acdd743c3ad9f157f6fb924b1ec
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5ubuntu4.2_powerpc.deb
      Size/MD5:    57118 4a38b908ca8756b72007e2f6d3bd7da1
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5ubuntu4.2_powerpc.deb
      Size/MD5:    56332 5e512eade662a77ced5a75b91260990c
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5ubuntu4.2_powerpc.deb
      Size/MD5:   195132 dbcc356c7ac44eb2baf60f272887b365
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5ubuntu4.2_powerpc.deb
      Size/MD5:   269998 6fdecbfe27152db023c579a046fdf0cf
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5ubuntu4.2_powerpc.deb
      Size/MD5:   126618 6ae431cb9da835c0c443f802398d8a15

Attachment: signature.asc
Description: Digital signature

