cyrus-sasl security update seemed to fail
Hi,
I have updated my debian woody box via dselect (update) with the latest
cyrus-sasl update:
[...]
cyrus-sasl (1.5.27-3woody3) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Corrected the assignment to path which is a char *, not a char

 -- Martin Schulze <joey@infodrom.org> Tue, 12 Oct 2004 15:54:04 +0200

cyrus-sasl (1.5.27-3woody2) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Added special detection routine for big/little endianess on MIPS since
    the line "byteorder : {big|little} endian" from /proc/cpuinfo was
    removed as of Linux 2.4.20, resulting in the mipsel buildd being
    unable to build this package.

 -- Martin Schulze <joey@infodrom.org> Mon, 11 Oct 2004 16:28:45 +0200

cyrus-sasl (1.5.27-3woody1) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Applied upstream patch to not blindly trust SASL_PATH blindly anymore
    [lib/common.c, CAN-2004-0884]

 -- Martin Schulze <joey@infodrom.org> Fri, 8 Oct 2004 16:45:19 +0200
[...]
In my sendmail.mc I am using:
define(`SMART_HOST', `[smtp.memyselfandI.de]')dnl
FEATURE(`authinfo')dnl
My authinfo looks like this:
AuthInfo:smtp.memyselfandI.de "U:whoareyou" "P:donttellanyone"
Before the security update everything worked o.k ... I could use the
SMTP-AUTH without any problems.
Doing a
telnet localhost smtp
ehlo locahost
shows me
250 AUTH DIGEST-MD5 PLAIN LOGIN GSSAPI CRAM-MD5
Since the security update the sendmail SMTP-AUTH is not working anymore;
instead I receive a
temporary auth failure
in my sendmail logs. The telnet localhost smtp command does not show any
250 AUTH
message anymore.
I do not know exactly if I am missing something but I think that this
security-update
Package : cyrus-sasl
Vulnerability : unsanitised input
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0884
Debian Bug : 275498
is not running without errors.
Oliver
--
... don't touch the bang bang fruit
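
The before/after check the post performs by hand with telnet, as an added example that is not part of the original message: it parses an EHLO reply and reports which AUTH mechanisms are no longer advertised. The sample replies are constructed (only the mechanism list is the one quoted in the post), and the host name and function names are assumptions.

```python
import re

# Constructed sample EHLO replies; mail.example.org is a placeholder host.
# Only the AUTH mechanism list is taken from the post.
BEFORE = (
    "250-mail.example.org Hello localhost [127.0.0.1], pleased to meet you\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250-8BITMIME\r\n"
    "250-AUTH DIGEST-MD5 PLAIN LOGIN GSSAPI CRAM-MD5\r\n"
    "250 HELP\r\n"
)
AFTER = (
    "250-mail.example.org Hello localhost [127.0.0.1], pleased to meet you\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250-8BITMIME\r\n"
    "250 HELP\r\n"
)

_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
_AUTH_LINE = re.compile(r"^AUTH[ =](.*)$", re.IGNORECASE)  # "AUTH=" is a legacy form


def parse_ehlo(reply):
    """Return (code, extension_lines); raise ValueError on a malformed reply."""
    code, texts, done = None, [], False
    for raw in reply.splitlines():
        m = _REPLY_LINE.match(raw)
        if done or not m or (code is not None and m.group(1) != code):
            raise ValueError("malformed SMTP reply line: %r" % raw)
        code = m.group(1)
        texts.append(m.group(3))
        done = m.group(2) == " "  # "250 " marks the final line, "250-" continues
    if not done:
        raise ValueError("reply is truncated (no final line)")
    return int(code), texts[1:]  # first line is the greeting, not an extension


def auth_mechanisms(reply):
    """Set of SASL mechanisms advertised in an EHLO reply (empty if none)."""
    code, extensions = parse_ehlo(reply)
    mechs = set()
    for ext in extensions if code == 250 else []:
        m = _AUTH_LINE.match(ext)
        if m:
            mechs.update(name.upper() for name in m.group(1).split())
    return mechs


def lost_mechanisms(before, after):
    """Mechanisms advertised before an update but missing afterwards."""
    return sorted(auth_mechanisms(before) - auth_mechanisms(after))
```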