8.41. cyrus-sasl


Updated cyrus-sasl packages that fix two bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.
The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer (SASL). SASL is a method for adding authentication support to connection-based protocols.

Bug Fixes

BZ#838628
A memory leak in the Digest MD5 plugin was discovered. Specifically, the make_client_response() function did not correctly free the output buffer. Consequently, applications that used Digest MD5 with very large datasets could terminate unexpectedly. This update corrects make_client_response() and closes the memory leak. As a result, applications using Digest MD5 as part of authentication with large datasets now work as expected.
BZ#1081445
Previously, unnecessary quote characters were used in the cyrus-sasl.spec file when the user was created using the useradd command. Consequently, the Saslauth user was created with quotes in the comment field ("Saslauthd user"). With this update, unnecessary quotes have been removed from the comment field.
In addition, this update adds the following

Enhancement

BZ#994242
The ad_compat option has been backported to the cyrus-sasl packages from upstream. This option controls compatibility with AD or similar servers that require both integrity and confidentiality bits selected during security layer negotiation.
Users of cyrus-sasl are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.