USN-790-1: Cyrus SASL vulnerability
Ubuntu Security Notice USN-790-1
24th June, 2009
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 9.04
- Ubuntu 8.10
- Ubuntu 8.04 LTS
- Ubuntu 6.06 LTS
James Ralston discovered that the Cyrus SASL base64 encoding function
could be used unsafely. If a remote attacker sent a specially crafted
request to a service that used SASL, it could lead to a loss of privacy,
or crash the application, resulting in a denial of service.
The problem can be corrected by updating your system to the following package version:
- Ubuntu 9.04:
- libsasl2-2 2.1.22.dfsg1-23ubuntu3.1
- Ubuntu 8.10:
- libsasl2-2 2.1.22.dfsg1-21ubuntu2.1
- Ubuntu 8.04 LTS:
- libsasl2-2 2.1.22.dfsg1-18ubuntu2.1
- Ubuntu 6.06 LTS:
- libsasl2 2.1.19.dfsg1-0.1ubuntu3.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to restart services using SASL
to effect the necessary changes.