Your submission was sent successfully! Close

USN-790-1: Cyrus SASL vulnerability

24 June 2009

Cyrus SASL vulnerability




James Ralston discovered that the Cyrus SASL base64 encoding function
could be used unsafely. If a remote attacker sent a specially crafted
request to a service that used SASL, it could lead to a loss of privacy,
or crash the application, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.04
Ubuntu 8.10
Ubuntu 8.04
Ubuntu 6.06

After a standard system upgrade you need to restart services using SASL
to effect the necessary changes.