Updated cyrus-sasl packages that resolve memory leaks are now available.
The cyrus-sasl packages contain the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols.
A memory leak in the digest-md5 plugin was discovered. Specifically, make_client_request was called twice without being freed. Consequently, applications that used DIGEST-MD5 with very large datasets could (and did) crash. This update frees make_client_request correctly and closes the memory leak. Applications using DIGEST-MD5 as part of authentication with large datasets now work as expected.
Note: this update also incorporates two upstream memory leak fixes reported during customer testing.
All cyrus-sasl users should upgrade to these updated packages, which fix these leaks.