USN-790-1: Cyrus SASL vulnerability
24 June 2009
Cyrus SASL vulnerability
James Ralston discovered that the Cyrus SASL base64 encoding function
could be used unsafely. If a remote attacker sent a specially crafted
request to a service that used SASL, it could lead to a loss of privacy,
or crash the application, resulting in a denial of service.
The problem can be corrected by updating your system to the following package versions:
After a standard system upgrade you need to restart services using SASL
to effect the necessary changes.