Updated cyrus-sasl packages available for Red Hat Linux 7

Advisory:	RHSA-2000:094-01
Type:	Security Advisory
Severity:	N/A
Issued on:	2000-10-26
Last updated on:	2000-10-26
Affected Products:	Red Hat Linux 7.0
OVAL:	N/A
CVEs (cve.mitre.org):	CVE-2000-0956

Details

Updated cyrus-sasl packages are now available for Red Hat Linux 7.

An error existed in the authorization checks in the version of cyrus-sasl
shipped with Red Hat Linux 7. Due to this bug, users who had been
successfully authenticated could be allowed access to resources even if the
system had been configured to deny these users access.

Versions of cyrus-sasl included in previous releases of Red Hat Power Tools
did not implement this function and are not affected by this bug.

Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Updated packages

Red Hat Linux 7.0

i386:
ftp://updates.redhat.com/7.0/i386/cyrus-sasl-1.5.24-11.i386.rpm Missing file	`59aaec92c60ddaed257bd581d976055b`

Bugs fixed (see bugzilla for more information)

18968 - cyrus-sasl-1.5.24 is not the "real" 1.5.24

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0956
N/A

Keywords

authorization

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/