News

=========================================================== Ubuntu Security Notice USN-272-1 April 24, 2006 cyrus-sasl2 vulnerability CVE-2006-1721 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: libsasl2-modules-gssapi-heimdal The problem can be corrected by upgrading the affected package to version 2.1.19-1.3ubuntu0.1 (for Ubuntu 4.10), 2.1.19-1.5ubuntu1.1 (for Ubuntu 5.04), or 2.1.19-1.5ubuntu4.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. If you configured Postfix, OpenLDAP or possibly other server applications to use SASL with the DIGEST-MD5 plugin, you need to restart these services after the security upgrade. Details follow: A Denial of Service vulnerability has been discovered in the SASL authentication library when using the DIGEST-MD5 plugin. By sending a specially crafted realm name, a malicious SASL server could exploit this to crash the application that uses SASL.