Bug#: 270261
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Conrad Kostecki <ConiKost@gmx.de>

Description:   Opened: 2009-05-18 09:23 0000
dev-libs/cyrus-sasl-2.1.23 is out!

This version includes a fix for a potential buffer 
overflow in sasl_encode64()

------- Comment #1 From Robert Buchholz 2009-05-18 12:05:28 0000 -------
Quoting CERT:
The sasl_encode64() function converts a string into base64. The Cyrus SASL
library contains buffer overflows that occur because of unsafe use of the
sasl_encode64() function.
II. Impact
A remote attacker might be able to execute code, or cause any programs relying
on SASL to crash or be unavailable.

------- Comment #2 From Robert Buchholz 2009-05-18 12:25:47 0000 -------
Note that the new release has changed ABI without changing SONAME revisions
properly. This might lead to crashes in existing code.

------- Comment #3 From Tobias Scherbaum 2009-05-18 16:24:38 0000 -------
2.1.23 is in CVS. It's p.masked for now - it needs more testing (only thing I
could test so far is the berkdb backend).

------- Comment #4 From Robert Buchholz 2009-05-18 17:54:43 0000 -------
CVE-2009-0688 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0688):
  Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23
  might allow remote attackers to execute arbitrary code or cause a
  denial of service (application crash) via strings that are used as
  input to the sasl_encode64 function in lib/saslutil.c.
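
The CERT and CVE text above attribute the overflows to unsafe use of a base64 encoder. As an added example (not Cyrus SASL code and not part of this bug report), here is a bounded encoder that computes the required output size, including the terminating NUL, and writes nothing when the caller's buffer is too small. The names b64_encoded_size and b64_encode_bounded are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helpers for illustration; not the Cyrus SASL source. */
static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Bytes needed for the base64 text of inlen bytes plus the NUL.
 * Returns 0 if the size would not fit in size_t. */
size_t b64_encoded_size(size_t inlen)
{
    size_t groups = inlen / 3 + (inlen % 3 != 0);
    if (groups > (SIZE_MAX - 1) / 4)
        return 0;
    return groups * 4 + 1;
}

/* Encode in[0..inlen) into out, which holds outmax bytes.
 * Returns 0 on success, -1 if out is too small (nothing is written). */
int b64_encode_bounded(const unsigned char *in, size_t inlen,
                       char *out, size_t outmax, size_t *outlen)
{
    size_t need = b64_encoded_size(inlen);
    size_t i = 0, o = 0;

    if (need == 0 || out == NULL || outmax < need)
        return -1;                      /* checked before the first write */

    while (inlen - i >= 3) {            /* full 3-byte groups */
        uint32_t v = (uint32_t)in[i] << 16 | (uint32_t)in[i + 1] << 8 | in[i + 2];
        out[o++] = B64[v >> 18];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = B64[(v >> 6) & 63];
        out[o++] = B64[v & 63];
        i += 3;
    }
    if (inlen - i > 0) {                /* 1 or 2 trailing bytes, padded */
        uint32_t v = (uint32_t)in[i] << 16;
        if (inlen - i == 2)
            v |= (uint32_t)in[i + 1] << 8;
        out[o++] = B64[v >> 18];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = (inlen - i == 2) ? B64[(v >> 6) & 63] : '=';
        out[o++] = '=';
    }
    out[o] = '\0';                      /* always terminated on success */
    if (outlen)
        *outlen = o;
    return 0;
}
```

Callers size their buffer with b64_encoded_size() and treat a -1 return as a hard error rather than using the buffer contents.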

------- Comment #5 From Tobias Scherbaum 2009-06-05 19:31:58 0000 -------
(In reply to comment #3)
> 2.1.23 is in CVS. It's p.masked for now - it needs more testing (only thing I
> could test so far is the berkdb backend).
> 

and now unmasked.

------- Comment #6 From Alex Legler 2009-06-08 15:03:18 0000 -------
Let's call arches on the 10th.

------- Comment #7 From Robert Buchholz 2009-06-25 01:05:13 0000 -------
Arches, please test and mark stable:
=dev-libs/cyrus-sasl-2.1.23
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

------- Comment #8 From Christian Faulhammer 2009-06-25 11:32:57 0000 -------
 * Applying cyrus-sasl-2.1.22-ntlm_impl-spnego.patch.gz ...

 * Failed Patch: cyrus-sasl-2.1.22-ntlm_impl-spnego.patch.gz !
 *  ( /var/tmp/portage/dev-libs/cyrus-sasl-2.1.23/temp/23295.patch )
 *
 * Include in your bugreport the contents of:
 *
 *  /var/tmp/portage/dev-libs/cyrus-sasl-2.1.23/temp/cyrus-sasl-2.1.22-ntlm_impl-spnego.patch.gz-23295.out

 *

------- Comment #9 From Jeroen Roovers 2009-06-25 13:57:55 0000 -------
(In reply to comment #8)
>  * Applying cyrus-sasl-2.1.22-ntlm_impl-spnego.patch.gz ...

I think the "support" in USE=ntlm_unsupported_patch means "security support".
;)

------- Comment #10 From Tobias Scherbaum 2009-06-25 16:27:43 0000 -------
(In reply to comment #8)
>  * Applying cyrus-sasl-2.1.22-ntlm_impl-spnego.patch.gz ...
> 
>  * Failed Patch: cyrus-sasl-2.1.22-ntlm_impl-spnego.patch.gz !
>  *  ( /var/tmp/portage/dev-libs/cyrus-sasl-2.1.23/temp/23295.patch )
>  *
>  * Include in your bugreport the contents of:
>  *
>  *  /var/tmp/portage/dev-libs/cyrus-sasl-2.1.23/temp/cyrus-sasl-2.1.22-ntlm_impl-spnego.patch.gz-23295.out
> 
>  *
> 
There's a bug about that, I'll try to fix it soonish (well, it worked for
me?!?!? - *shrugs*)

------- Comment #11 From Jeroen Roovers 2009-06-25 18:43:50 0000 -------
Stable for HPPA.

------- Comment #12 From Tobias Scherbaum 2009-06-25 19:31:22 0000 -------
(In reply to comment #10)
> There's a bug about that, I'll try to fix it soonish (well, it worked for
> me?!?!? - *shrugs*)
> 

Fixed in CVS.

------- Comment #13 From Christian Faulhammer 2009-06-26 13:31:56 0000 -------
(In reply to comment #12)
> (In reply to comment #10)
> > There's a bug about that, I'll try to fix it soonish (well, it worked for
> > me?!?!? - *shrugs*)
> > 
> 
> Fixed in CVS.
> 

 I cannot find that fix.

------- Comment #14 From Tobias Scherbaum 2009-06-26 16:04:25 0000 -------
(In reply to comment #13)
>  I cannot find that fix.

Args. Now it's really fixed. 

------- Comment #15 From Tobias Klausmann 2009-06-26 19:44:07 0000 -------
Stable on alpha.

------- Comment #16 From Christian Faulhammer 2009-06-27 09:29:32 0000 -------
x86 stable

------- Comment #17 From Brent Baude 2009-06-27 12:59:19 0000 -------
ppc64 done

------- Comment #18 From Brent Baude 2009-06-27 12:59:25 0000 -------
ppc done

------- Comment #19 From Richard Freeman 2009-06-27 21:51:20 0000 -------
amd64 done

------- Comment #20 From Raúl Porcel 2009-06-30 13:35:47 0000 -------
arm/ia64/s390/sh/sparc stable

------- Comment #21 From Robert Buchholz 2009-07-12 17:51:06 0000 -------
GLSA 200907-09
