Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > February 2005 > Four Fedora Legacy Security Advisories

February 2005

Four Fedora Legacy Security Advisories

ID: 00159
Ref: 142/2005
Date: 23 February 2005:14:25:40
Version: 1
Title: Four Fedora Legacy Security Advisories
Abstract:
Vendors affected: Fedora Legacy
Operating systems affected: Fedora Legacy
Applications affected: Fedora Legacy
Title
=====

Four Fedora Legacy Security Advisories:

1. FLSA:1944 - GNOME VFS updates address extfs vulnerability

2. FLSA:1945 - Updated sox packages fix buffer overflows

3. FLSA:2058 - Updated cdrtools packages fix a security issue

4. FLSA:2137 - Updated cyrus-sasl resolves security vulnerabilities

Detail
======

1. GNOME VFS is the GNOME virtual file system. It provides a modular
architecture and ships with several modules that implement support
for file systems, HTTP, FTP, and others. The extfs backends make it
possible to implement file systems for GNOME VFS using scripts.

2. Buffer overflows existed in the parsing of WAV file header fields. It
was possible that a malicious WAV file could have caused arbitrary code
to be executed when the file was played or converted. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0557 to these issues.

3. Max Vozeler found that the cdrecord program, when is set suid root,
fails to drop privileges when it executes a program specified by the
user through the $RSH environment variable. This can be abused by a
local attacker to obtain root privileges. In the default configuration
of Red Hat Linux 9, the cdrecord program is not set suid root and
this attack is not possible. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0806 to this issue.

4. The cyrus-sasl package contains the Cyrus implementation of SASL.
SASL is the Simple Authentication and Security Layer, a method for
adding authentication support to connection-based protocols.




1.


- -----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: GNOME VFS updates address extfs vulnerability
Advisory ID: FLSA:1944
Issue date: 2005-02-20
Product: Red Hat Linux
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1944
CVE Names: CAN-2004-0494
- -----------------------------------------------------------------------


- -----------------------------------------------------------------------
1. Topic:

Updated GNOME VFS packages that remove potential extfs-related
vulnerabilities are now available.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386

3. Problem description:

GNOME VFS is the GNOME virtual file system. It provides a modular
architecture and ships with several modules that implement support
for file systems, HTTP, FTP, and others. The extfs backends make it
possible to implement file systems for GNOME VFS using scripts.

Flaws have been found in several of the GNOME VFS extfs backend scripts.
Red Hat Linux ships with vulnerable scripts, but they are not used by
default. An attacker who is able to influence a user to open a
specially-crafted URI using gnome-vfs could perform actions as that
user. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0494 to this issue.

Users of Red Hat Linux should upgrade to these updated packages,
which remove these unused scripts.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only
those RPMs which are currently installed will be updated. Those RPMs
which are not installed but included in the list will not be updated.
Note that you can also use wildcards (*.rpm) if your current directory
*only* contains the desired RPMs.

Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www fedoralegacy.org/docs for directions on how
to configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - 1944 - CAN-2004-0494 GNOME VFS extfs
vulnerability

6. RPMs required:

Red Hat Linux 7.3:

SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/gnome-vfs-1.0.5-4.1.legacy.src.rpm

i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/gnome-vfs-1.0.5-4.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/gnome-vfs-devel-1.0.5-4.1.legacy.i386.rpm

Red Hat Linux 9:

SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/gnome-vfs-1.0.5-13.1.legacy.src.rpm
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/gnome-vfs2-2.2.2-4.1.legacy.src.rpm

i386: http://download.fedoralegacy.org/redhat/9/updates/i386/gnome-vfs-1.0.5-13.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/gnome-vfs2-2.2.2-4.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/gnome-vfs2-devel-2.2.2-4.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/gnome-vfs-devel-1.0.5-13.1.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name
- ------------------------------------------------------------------------

1b2e233aa6ae55ae23a6789fb13c5b6448a2a949
7.3/updates/i386/gnome-vfs-1.0.5-4.1.legacy.i386.rpm
7a651d8d5ddfc1838664551c97f0326a385f80d1
7.3/updates/i386/gnome-vfs-devel-1.0.5-4.1.legacy.i386.rpm
95d81f3f9744e57c41b80057fd9c1d210cb3f772
7.3/updates/SRPMS/gnome-vfs-1.0.5-4.1.legacy.src.rpm
0c4d06767ec7ffefbcdb77b66f8845502204d5da
9/updates/i386/gnome-vfs-1.0.5-13.1.legacy.i386.rpm
8f5c82ba289b2e7b51079af4867ddddaf66006d4
9/updates/i386/gnome-vfs2-2.2.2-4.1.legacy.i386.rpm
65650947bcc05f583b0833ad429e8204e7533fa2
9/updates/i386/gnome-vfs2-devel-2.2.2-4.1.legacy.i386.rpm
e702fbcd55b20e6208fe460eb83035173e25a1c4
9/updates/i386/gnome-vfs-devel-1.0.5-13.1.legacy.i386.rpm
5a6db00010fefa6117f5b417262279c7d2645a6a
9/updates/SRPMS/gnome-vfs-1.0.5-13.1.legacy.src.rpm
b48bb8e86f9300f2a0b6da398bf3004cba2c19c3
9/updates/SRPMS/gnome-vfs2-2.2.2-4.1.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0494

9. Contact:

The Fedora Legacy security contact is .
More project details at http://www.fedoralegacy.org

- ---------------------------------------------------------------------


2.


- ---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated sox packages fix buffer overflows
Advisory ID: FLSA:1945
Issue date: 2005-02-20
Product: Red Hat Linux
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=1945
CVE Names: CAN-2004-0557
- ---------------------------------------------------------------------


- ---------------------------------------------------------------------
1. Topic:

Updated sox packages that fix buffer overflows in the WAV file
handling code are now available.

SoX (Sound eXchange) is a sound file format converter. SoX can convert
between many different digitized sound formats and perform simple sound
manipulation functions, including sound effects.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386

3. Problem description:

Buffer overflows existed in the parsing of WAV file header fields. It
was possible that a malicious WAV file could have caused arbitrary code
to be executed when the file was played or converted. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0557 to these issues.

All users of sox should upgrade to these updated packages, which contain a
security patch to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. This assumes that you have yum or
apt-get configured for obtaining Fedora Legacy content. Please visit
http://www fedoralegacy.org/docs for directions on how to configure
yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #1945 - sox buffer overflows

6. RPMs required:

Red Hat Linux 7.3:

SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/sox-12.17.3-4.1.legacy.src.rpm

i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/sox-12.17.3-4.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sox-devel-12.17.3-4.1.legacy.i386.rpm

Red Hat Linux 9:

SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/sox-12.17.3-11.1.legacy.src.rpm

i386: http://download.fedoralegacy.org/redhat/9/updates/i386/sox-12.17.3-11.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/sox-devel-12.17.3-11.1.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name
- ---------------------------------------------------------------------

5e0a7fa217885c997e7172017a61ee70ac2301b6
redhat/7.3/updates/i386/sox-12.17.3-4.1.legacy.i386.rpm
0f383f050988875f273e15d9c0aadd802d88001f
redhat/7.3/updates/i386/sox-devel-12.17.3-4.1.legacy.i386.rpm
b7735f908b893f2b3cd3d9681bc230af3a1344e7
redhat/7.3/updates/SRPMS/sox-12.17.3-4.1.legacy.src.rpm
42f91c34c3ce2ada6f0119961f92e747d962ab43
redhat/9/updates/i386/sox-12.17.3-11.1.legacy.i386.rpm
bcc6f5c29e9df358703ff70233ba90a23e01e8cb
redhat/9/updates/i386/sox-devel-12.17.3-11.1.legacy.i386.rpm
45f91336a69fb652fc1d4b0594a53784d3d1eb87
redhat/9/updates/SRPMS/sox-12.17.3-11.1.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key
is available from http://www.fedoralegacy org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted
or tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0557

9. Contact:

The Fedora Legacy security contact is .
More project details at http://www.fedoralegacy.org

- ---------------------------------------------------------------------



3.


- ---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated cdrtools packages fix a security issue
Advisory ID: FLSA:2058
Issue date: 2005-02-20
Product: Red Hat Linux
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2058
CVE Names: CAN-2004-0806
- ---------------------------------------------------------------------


- ---------------------------------------------------------------------
1. Topic:

Updated cdrtools packages that fix a privilege escalation vulnerability
are now available.

Cdrtools is a collection of CD/DVD utilities.

2. Relevant releases/architectures:

Red Hat Linux 9 - i386

3. Problem description:

Max Vozeler found that the cdrecord program, when is set suid root,
fails to drop privileges when it executes a program specified by the
user through the $RSH environment variable. This can be abused by a
local attacker to obtain root privileges. In the default configuration
of Red Hat Linux 9, the cdrecord program is not set suid root and
this attack is not possible. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0806 to this issue.

Users of cdrtools are advised to upgrade to these errata packages,
which contain a backported patch correcting this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. This assumes that you have yum or
apt-get configured for obtaining Fedora Legacy content. Please visit
http://www fedoralegacy.org/docs for directions on how to configure yum
and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2058 - cdrecord suid privilege escalation

6. RPMs required:

Red Hat Linux 9:

SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/cdrtools-2.0-11.9.3.legacy.src.rpm

i386: http://download.fedoralegacy.org/redhat/9/updates/i386/cdda2wav-2.0-11.9.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cdrecord-2.0-11.9.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cdrecord-devel-2.0-11.9.3.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mkisofs-2.0-11.9.3.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name
- ---------------------------------------------------------------------

6ec40cf0eb0853bbb2cfe36d17349aaed55e82fa
redhat/9/updates/i386/cdda2wav-2.0-11.9.3.legacy.i386.rpm
ca6510d1737dcc5d2a7491d4b908999bd4cf9003
redhat/9/updates/i386/cdrecord-2.0-11.9.3.legacy.i386.rpm
b524bf67a74450990cb95f249153c6e266acbf03
redhat/9/updates/i386/cdrecord-devel-2.0-11.9.3.legacy.i386.rpm
291b49e8ab22b2d1f27052504b41bd1cd25a7c24
redhat/9/updates/i386/mkisofs-2.0-11.9.3.legacy.i386.rpm
b138f4696e00faa674c141b8152337f87d6c01f6
redhat/9/updates/SRPMS/cdrtools-2.0-11.9.3.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key
is available from http://www.fedoralegacy org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0806

9. Contact:

The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org

- ---------------------------------------------------------------------



4.


- -----------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated cyrus-sasl resolves security vulnerabilities
Advisory ID: FLSA:2137
Issue date: 2005-02-17
Product: Red Hat Linux
Fedora Core
Keywords: Security
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2137
CVE Names: CAN-2004-0884
- -----------------------------------------------------------------------


- -----------------------------------------------------------------------
1. Topic:

Updated cyrus-sasl packages that fix a security vulnerability are
now available.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

The cyrus-sasl package contains the Cyrus implementation of SASL.
SASL is the Simple Authentication and Security Layer, a method for
adding authentication support to connection-based protocols.

At application startup, libsasl and libsasl2 attempts to build a
list of all available SASL plug-ins which are available on the system.
To do so, the libraries search for and attempt to load every shared
library found within the plug-in directory. This location can be
set with the SASL_PATH environment variable.

In situations where an untrusted local user can affect the environment
of a privileged process, this behavior could be exploited to run
arbitrary code with the privileges of a setuid or setgid application.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0884 to this issue.

4. Solution:

Before applying this update, make sure all previously released
Errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. This assumes that you have yum or
apt-get configured for obtaining Fedora Legacy content. Please visit
http://www fedoralegacy.org/docs for directions on how to configure yum
and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - 2137 - cyrus-sasl setuid/setgid flaw
(CAN-2004-0884)

6. RPMs required:

Red Hat Linux 7.3:

SRPM: http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/cyrus-sasl-1.5.24-25.2.legacy.src.rpm


i386: http://download.fedoralegacy.org/redhat/7.3/updates/i386/cyrus-sasl-1.5.24-25.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cyrus-sasl-devel-1.5.24-25.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cyrus-sasl-gssapi-1.5.24-25.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cyrus-sasl-md5-1.5.24-25.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/cyrus-sasl-plain-1.5.24-25.2.legacy.i386.rpm

Red Hat Linux 9:

SRPM: http://download.fedoralegacy.org/redhat/9/updates/SRPMS/cyrus-sasl-2.1.10-4.2.legacy.src.rpm

i386: http://download.fedoralegacy.org/redhat/9/updates/i386/cyrus-sasl-2.1.10-4.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cyrus-sasl-devel-2.1.10-4.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cyrus-sasl-gssapi-2.1.10-4.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cyrus-sasl-md5-2.1.10-4.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/cyrus-sasl-plain-2.1.10-4.2.legacy.i386.rpm

Fedora Core 1

SRPM: http://download.fedoralegacy.org/fedora/1/updates/SRPMS/cyrus-sasl-2.1.15-6.2.legacy.src.rpm

i386: http://download.fedoralegacy.org/fedora/1/updates/i386/cyrus-sasl-2.1.15-6.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/cyrus-sasl-devel-2.1.15-6.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/cyrus-sasl-gssapi-2.1.15-6.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/cyrus-sasl-md5-2.1.15-6.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/cyrus-sasl-plain-2.1.15-6.2.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name
- ---------------------------------------------------------------------------

b1a8f0ec581a4241ad5426c66610fbd333d43cd6
redhat/7.3/updates/SRPMS/cyrus-sasl-1.5.24-25.2.legacy.src.rpm
b4667fa03cb7395b7e0535fcdb74de78f4ee1a90
redhat/7.3/updates/i386/cyrus-sasl-1.5.24-25.2.legacy.i386.rpm
a5df6f8feca3944d60e10ec94264229d157b5ad6
redhat/7.3/updates/i386/cyrus-sasl-devel-1.5.24-25.2.legacy.i386.rpm
bc1e6e9cae9e1065a90327c752558c1f891f91a7
redhat/7.3/updates/i386/cyrus-sasl-gssapi-1.5.24-25.2.legacy.i386.rpm
61d28e3fbab415d6b37ac759bb154a54d94995c1
redhat/7.3/updates/i386/cyrus-sasl-md5-1.5.24-25.2.legacy.i386.rpm
6c8b1eae837a084f29fd572e781acc38e54c5201
redhat/7.3/updates/i386/cyrus-sasl-plain-1.5.24-25.2.legacy.i386.rpm

d7fdf0513e1b05543801354137b27660c7c1df9b
redhat/9/updates/SRPMS/cyrus-sasl-2.1.10-4.2.legacy.src.rpm
99dae02364cc6ba8e26ef4b080e555d85647f9e2
redhat/9/updates/i386/cyrus-sasl-2.1.10-4.2.legacy.i386.rpm
a6d19e7fbfb6ea5ef16b37a98cf03bbde7467059
redhat/9/updates/i386/cyrus-sasl-devel-2.1.10-4.2.legacy.i386.rpm
e1021e337cf247eb42d795f37e786783567ac39b
redhat/9/updates/i386/cyrus-sasl-gssapi-2.1.10-4.2.legacy.i386.rpm
df7f3f58cf8967b22b7c599e9d7cdbc151b7ee51
redhat/9/updates/i386/cyrus-sasl-md5-2.1.10-4.2.legacy.i386.rpm
c8851e0319d7cdb337d9ce34fe0c099383770473
redhat/9/updates/i386/cyrus-sasl-plain-2.1.10-4.2.legacy.i386.rpm

67070836cf1f9ab742789e2d1787d9b5d18cb5c1
fedora/1/updates/SRPMS/cyrus-sasl-2.1.15-6.2.legacy.src.rpm
ef9d0ad17d1f5e8b9fa1f054a3ee5686d6886eec
fedora/1/updates/i386/cyrus-sasl-2.1.15-6.2.legacy.i386.rpm
d698f0da0e60a574052aa3c9780599f3a16c1af1
fedora/1/updates/i386/cyrus-sasl-devel-2.1.15-6.2.legacy.i386.rpm
40e3c0bd3a66bea24a255a9cc923c975d4848e65
fedora/1/updates/i386/cyrus-sasl-gssapi-2.1.15-6.2.legacy.i386.rpm
2d19e1de5a5f36574af71bf0eb1087f1322b03de
fedora/1/updates/i386/cyrus-sasl-md5-2.1.15-6.2.legacy.i386.rpm
a13820031b39c60ff44c32f3fb265f1b6101fa05
fedora/1/updates/i386/cyrus-sasl-plain-2.1.15-6.2.legacy.i386.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy org/about/security.php

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum

8. References:

https://rhn.redhat.com/errata/RHSA-2004-546.html

9. Contact:

The Fedora Legacy security contact is . More
project details at http://www.fedoralegacy.org
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |