Updated cyrus-sasl packages that fix two bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.
The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer (SASL). SASL is a method for adding authentication support to connection-based protocols.
- A memory leak in the Digest MD5 plugin was discovered. Specifically, the make_client_response() function did not correctly free the output buffer. Consequently, applications that used Digest MD5 with very large datasets could terminate unexpectedly. This update corrects make_client_response() and closes the memory leak. As a result, applications using Digest MD5 as part of authentication with large datasets now work as expected.
- Previously, unnecessary quote characters were used in the cyrus-sasl.spec file when the user was created using the useradd command. Consequently, the Saslauth user was created with quotes in the comment field ("Saslauthd user"). With this update, unnecessary quotes have been removed from the comment field.
In addition, this update adds the following
- The ad_compat option has been backported to the cyrus-sasl packages from upstream. This option controls compatibility with AD or similar servers that require both integrity and confidentiality bits selected during security layer negotiation.
Users of cyrus-sasl are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.