Cyrus SASL Vulnerability Closed in Ubuntu 13.04

Users have to upgrade the operating systems in order to fix the problem

By on October 10th, 2013 19:01 GMT

On October 9, in a security notice, Canonical published details about a Cyrus SASL vulnerability in its Ubuntu 13.04 (Saucy Salamander) operating systems.

According to Canonical, Cyrus SASL could have been made to crash if it processed specially crafted input..

It has been discovered that Cyrus SASL incorrectly handled certain invalid password salts. An attacker could have used this issue to cause Cyrus SASL to crash, resulting in a denial of service.

For a more detailed description of the security problems, you can see Canonical's security notification.

The security flaws can be fixed if you upgrade your system(s) to the latest libsasl2-2 packages specific to each distribution. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes, but this time a system restart will be necessary to implement them.

Comments