Skip to navigation

Security Advisory Updated cyrus-sasl packages available for Red Hat Linux 7

Advisory: RHSA-2000:094-01
Type: Security Advisory
Severity: N/A
Issued on: 2000-10-26
Last updated on: 2000-10-26
Affected Products: Red Hat Linux 7.0
CVEs (cve.mitre.org): CVE-2000-0956

Details

Updated cyrus-sasl packages are now available for Red Hat Linux 7.

An error existed in the authorization checks in the version of cyrus-sasl
shipped with Red Hat Linux 7. Due to this bug, users who had been
successfully authenticated could be allowed access to resources even if the
system had been configured to deny these users access.

Versions of cyrus-sasl included in previous releases of Red Hat Power Tools
did not implement this function and are not affected by this bug.


Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Updated packages

Red Hat Linux 7.0

SRPMS:
cyrus-sasl-1.5.24-11.src.rpm
File outdated by:  RHSA-2001:150
    MD5: 6a969df3702bb670ae65cf0824146472
 
IA-32:
cyrus-sasl-1.5.24-11.i386.rpm
File outdated by:  RHSA-2001:150
    MD5: 59aaec92c60ddaed257bd581d976055b
 

Bugs fixed (see bugzilla for more information)

18968 - cyrus-sasl-1.5.24 is not the "real" 1.5.24


References


Keywords

authorization


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/