Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

4.20. cyrus-sasl

Updated cyrus-sasl packages that resolve memory leaks are now available.
The cyrus-sasl packages contain the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols.

Bug Fix

BZ#849581
A memory leak in the digest-md5 plugin was discovered. Specifically, make_client_request was called twice without being freed. Consequently, applications that used DIGEST-MD5 with very large datasets could (and did) crash. This update frees make_client_request correctly and closes the memory leak. Applications using DIGEST-MD5 as part of authentication with large datasets now work as expected.
Note: this update also incorporates two upstream memory leak fixes reported during customer testing.
All cyrus-sasl users should upgrade to these updated packages, which fix these leaks.