How does one tell the first redhat fix vs the second redhat fix for this issue? Both RHSA show the same source package.... adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm adf38e226dfa211bb2e7e83c5c5418b9 cyrus-sasl-1.5.24-26.src.rpm John, might want to make sure you have the latest RH source. John Newbigin wrote: > The following errata for CentOS-2 have been built and uploaded the the > centos mirror: > > RHSA-2004:546-01 Updated cyrus-sasl packages fix security flaw > > Files available: > cyrus-sasl-1.5.24-26.i386.rpm > cyrus-sasl-devel-1.5.24-26.i386.rpm > cyrus-sasl-gssapi-1.5.24-26.i386.rpm > cyrus-sasl-md5-1.5.24-26.i386.rpm > cyrus-sasl-plain-1.5.24-26.i386.rpm > > > More details are available from the RedHat web site at > https://rhn.redhat.com/errata/rh21as-errata.html > > The easy way to make sure you are up to date with all the latest patches > is to run: > # yum update > >