Scientific Linux Security Update : cyrus-imapd on SL4.x, SL5.x i386/x86_64

It was discovered that the Cyrus SASL library cyrus-sasl does not always reliably terminate output from the saslencode64 function used by programs using this library. The Cyrus IMAP server cyrus-imapd relied on this function's output being properly terminated. Under certain conditions, improperly...

SuSE 10 Security Update : cyrus-sasl (ZYPP Patch Number 6250)

This update of cyrus-sasl improves the output of function saslencode64 by appending a 0 for string termination. The impact depends on the application that uses saslencode64. CVE-2009-0688 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

SuSE 11 Security Update : cyrus-sasl (SAT Patch Number 881)

This update of cyrus-sasl improves the output of function saslencode64 by appending a 0 for string termination. The impact depends on the application that uses saslencode64. CVE-2009-0688 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

SuSE9 Security Update : cyrus-sasl (YOU Patch Number 12419)

This update of cyrus-sasl improves the output of function saslencode64 by appending a 0 for string termination. The impact depends on the application that uses saslencode64. CVE-2009-0688 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

openSUSE Security Update : cyrus-sasl (cyrus-sasl-880)

This update of cyrus-sasl improves the output of function saslencode64 by appending a 0 for string termination. The impact depends on the application that uses saslencode64. CVE-2009-0688 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

openSUSE Security Update : cyrus-sasl (cyrus-sasl-880)

This update of cyrus-sasl improves the output of function saslencode64 by appending a 0 for string termination. The impact depends on the application that uses saslencode64. CVE-2009-0688 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

RedHat Security Advisory RHSA-2009:1116

The remote host is missing updates announced in advisory RHSA-2009:1116. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. It was discovered that the Cyrus SASL library cyrus-sasl does not always reliably terminate output from the saslencode...

cyrus-imapd security update

2.3.7-2.2 - add -fno-strict-aliasing to cflags 2.3.7-2.1 - fix saslencode64's buffers 505427...

Mandrake Security Advisory MDVSA-2009:113 (cyrus-sasl)

The remote host is missing an update to cyrus-sasl announced via advisory MDVSA-2009:113. OpenVAS Vulnerability Test $Id: mdksa2009113.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:113 cyrus-sasl Authors: Thomas Reinke Copyright: Copyright c 2009...

Debian Security Advisory DSA 1807-1 (cyrus-sasl2, cyrus-sasl2-heimdal)

The remote host is missing an update to cyrus-sasl2, cyrus-sasl2-heimdal announced via advisory DSA 1807-1. OpenVAS Vulnerability Test $Id: deb18071.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1807-1 cyrus-sasl2, cyrus-sasl2-heimdal Authors: Thomas Rein...

Debian DSA-1807-1 : cyrus-sasl2, cyrus-sasl2-heimdal - buffer overflow

"James Ralston discovered that the saslencode64 function of cyrus-sasl2, a free library implementing the Simple Authentication and Security Layer, suffers from a missing null termination in certain situations. This causes several buffer overflows in situations where cyrus-sasl2 itself requires th...

openSUSE 10 Security Update : cyrus-sasl (cyrus-sasl-6249)

This update of cyrus-sasl improves the output of function saslencode64 by appending a 0 for string termination. The impact depends on the application that uses saslencode64. CVE-2009-0688 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

FreeBSD Ports: cyrus-sasl

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Mandriva Linux Security Advisory : cyrus-sasl (MDVSA-2009:113-1)

Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service application crash via strings that are used as input to the saslencode64 function in lib/saslutil.c CVE-2009-0688. The updated packages have be...

CVE-2009-0688

Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service application crash via strings that are used as input to the saslencode64 function in lib/saslutil.c...

Buffer overflow

Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service application crash via strings that are used as input to the saslencode64 function in lib/saslutil.c...

CVE-2009-0688

Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service application crash via strings that are used as input to the saslencode64 function in lib/saslutil.c...

cyrus-sasl

New cyrus-sasl packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue. A buffer overflow in the saslencode64 function could lead to a denial of service or possible execution of arbitrary code. More details about this issue may be found in the Commo...

Cyrus SASL library buffer overflow vulnerability

Overview The Cyrus SASL library contains a buffer overflow vulnerability that could allow an attacker to execute code or cause a vulnerable program to crash. Description SASL Simple Authentication and Security Layer is a method for adding authentication support to various protocols. SASL is...

cyrus-sasl -- buffer overflow vulnerability

US-CERT reports: The saslencode64 function converts a string into base64. The Cyrus SASL library contains buffer overflows that occur because of unsafe use of the saslencode64 function...