The errata was released twice because RH fu**ed up the RHEL3 version.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134979
"Additional Comment #8 From Mark J. Cox (Security Response Team) on
2004-10-07 16:47 -------
(Note this flaw only affects the RHEL 3 cyrus-sasl packages, the RHEL
2.1 packages contained a correct patch)"
donavan nelson wrote:
> How does one tell the first redhat fix vs the second redhat fix for this
> issue?
>
> Both RHSA show the same source package....
>
> adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm
> adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm
>
>
> John, might want to make sure you have the latest RH source.
Don't worry, it is in good hands. See comment #11
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=128462
John.
>
>
> John Newbigin wrote:
>
>> The following errata for CentOS-2 have been built and uploaded the the
>> centos mirror:
>>
>> RHSA-2004:546-01 Updated cyrus-sasl packages fix security flaw
>>
>> Files available:
>> cyrus-sasl-1.5.24-26.i386.rpm
>> cyrus-sasl-devel-1.5.24-26.i386.rpm
>> cyrus-sasl-gssapi-1.5.24-26.i386.rpm
>> cyrus-sasl-md5-1.5.24-26.i386.rpm
>> cyrus-sasl-plain-1.5.24-26.i386.rpm
>>
>>
>> More details are available from the RedHat web site at
>> https://rhn.redhat.com/errata/rh21as-errata.html
>>
>> The easy way to make sure you are up to date with all the latest patches
>> is to run:
>> # yum update
>>
>>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxxx
> http://www.caosity.org/mailman/listinfo/centos
>
>
>
--
John Newbigin
Computer Systems Officer
Faculty of Information and Communication Technologies
Swinburne University of Technology
Melbourne, Australia
http://www.it.swin.edu.au/staff/jnewbigin
