Home > Security > Advisories

Advisories

Mandriva Advisories

Package name cyrus-sasl
Date June 8th, 2005
Advisory ID MDKA-2005:031
Affected versions CS3.0, MNF2.0
Synopsis Updated cyrus-sasl packages fix LDAP authentication disconnect bug

Problem Description

A problem was discovered in saslauthd (part of cyrus-sasl which handles
the Simple Authentication and Security Layer (SASL)) when using the
LDAP authentication mechanism. If the connection with the LDAP server
was torn down (due to an idle timeout, for example), saslauthd would
error immediately instead of trying again with the credentials it
already has, causing the client application to display an error as if
the password was incorrect.

Any administrators relying on saslauthd with LDAP authentication should
upgrade their packages.

Updated Packages

Corporate Server 3.0

 c65e6c4459c891c46edfab97fc675e5b  corporate/3.0/RPMS/cyrus-sasl-2.1.15-10.4.C30mdk.i586.rpm
fb771251722ba526cec78f015974641f  corporate/3.0/RPMS/libsasl2-2.1.15-10.4.C30mdk.i586.rpm
930675963bddfde02a2ff2a11c51908f  corporate/3.0/RPMS/libsasl2-devel-2.1.15-10.4.C30mdk.i586.rpm
459f38fc4ef29e361cf4529c309d6207  corporate/3.0/RPMS/libsasl2-plug-anonymous-2.1.15-10.4.C30mdk.i586.rpm
591e34ed39567c2dc76a72355203bc03  corporate/3.0/RPMS/libsasl2-plug-crammd5-2.1.15-10.4.C30mdk.i586.rpm
ae0c8af4813833e917284ed9dcc0180e  corporate/3.0/RPMS/libsasl2-plug-digestmd5-2.1.15-10.4.C30mdk.i586.rpm
3d8479383bcdabb9488ec05f23c9971d  corporate/3.0/RPMS/libsasl2-plug-gssapi-2.1.15-10.4.C30mdk.i586.rpm
c2c0ecff71244caeb4c9496d6dd65ebf  corporate/3.0/RPMS/libsasl2-plug-login-2.1.15-10.4.C30mdk.i586.rpm
75986499bae559f0d81ccaa8338c2fd0  corporate/3.0/RPMS/libsasl2-plug-ntlm-2.1.15-10.4.C30mdk.i586.rpm
1aefa7c4fe11f2f2d6b5bd2b9c479476  corporate/3.0/RPMS/libsasl2-plug-otp-2.1.15-10.4.C30mdk.i586.rpm
82ddb5a30c10feb49e79fd5f19c60536  corporate/3.0/RPMS/libsasl2-plug-plain-2.1.15-10.4.C30mdk.i586.rpm
214a1a65d1653fbd41d3bb72520b9ec0  corporate/3.0/RPMS/libsasl2-plug-sasldb-2.1.15-10.4.C30mdk.i586.rpm
af0e2bca123c6619db24f29789b1bbeb  corporate/3.0/RPMS/libsasl2-plug-srp-2.1.15-10.4.C30mdk.i586.rpm
fe1335c41d512172f99093b1e46359d4  corporate/3.0/SRPMS/cyrus-sasl-2.1.15-10.4.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 542d7f056b3b89f7c992d8993a260d27  x86_64/corporate/3.0/RPMS/cyrus-sasl-2.1.15-10.4.C30mdk.x86_64.rpm
d9dcd91bac2609e956439f5682f931d7  x86_64/corporate/3.0/RPMS/lib64sasl2-2.1.15-10.4.C30mdk.x86_64.rpm
a3fec00f5dbf5a65f4bc0a3895d8514e  x86_64/corporate/3.0/RPMS/lib64sasl2-devel-2.1.15-10.4.C30mdk.x86_64.rpm
7cfa6598aef788e956db3dec6c882de7  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-anonymous-2.1.15-10.4.C30mdk.x86_64.rpm
373084c797ed607b6874705b486ce971  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-crammd5-2.1.15-10.4.C30mdk.x86_64.rpm
25d1c25d0820d117adac1266f7fcd997  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-digestmd5-2.1.15-10.4.C30mdk.x86_64.rpm
685392ecdaeeaa548425fdbfa496bf60  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-gssapi-2.1.15-10.4.C30mdk.x86_64.rpm
56e7af60ce8c6c48d1e1616b3e863a3d  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-login-2.1.15-10.4.C30mdk.x86_64.rpm
6900ae9c053ee4afb91576f303d90bb5  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-ntlm-2.1.15-10.4.C30mdk.x86_64.rpm
28bf67adf35ff880e07b0b66ea47f474  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-otp-2.1.15-10.4.C30mdk.x86_64.rpm
ebdac3198a8e2a1ae2cefca0ea6c0698  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-plain-2.1.15-10.4.C30mdk.x86_64.rpm
15bdf7a4ea425272f8d3e1e3df04d3ba  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-sasldb-2.1.15-10.4.C30mdk.x86_64.rpm
bce0018a755b022192ad7f6d09c0bbb7  x86_64/corporate/3.0/RPMS/lib64sasl2-plug-srp-2.1.15-10.4.C30mdk.x86_64.rpm
fe1335c41d512172f99093b1e46359d4  x86_64/corporate/3.0/SRPMS/cyrus-sasl-2.1.15-10.4.C30mdk.src.rpm

Multi Network Firewall 2.0

 6b4cd1694795b4c45d6b1095863eed6a  mnf/2.0/RPMS/cyrus-sasl-2.1.15-10.4.M20mdk.i586.rpm
1ada2887dd82ffb35635cee88cce74e7  mnf/2.0/RPMS/libsasl2-2.1.15-10.4.M20mdk.i586.rpm
77910ff56d55f721ac772baaf52b021e  mnf/2.0/RPMS/libsasl2-plug-gssapi-2.1.15-10.4.M20mdk.i586.rpm
eee5da72dff98183c222a54825ee1caf  mnf/2.0/SRPMS/cyrus-sasl-2.1.15-10.4.M20mdk.src.rpm

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.