cyrus-sasl security update seemed to fail

From: Oliver Fuchs (oliverfuchs_at_onlinehome.de)
Date: 10/14/04

    Date: Thu, 14 Oct 2004 10:23:07 +0200
    To: Debian User <debian-user@lists.debian.org>
    
    

    Hi,

    I have updated my debian woody box via dselect (update) with the latest
    cyrus-sasl update:

    [...]
    cyrus-sasl (1.5.27-3woody3) stable-security; urgency=high
      * Non-maintainer upload by the Security Team
      * Corrected the assignment to path which is a char *, not a char
     -- Martin Schulze <joey@infodrom.org> Tue, 12 Oct 2004 15:54:04 +0200
    cyrus-sasl (1.5.27-3woody2) stable-security; urgency=high
      * Non-maintainer upload by the Security Team
      * Added special detection routine for big/little endianess on MIPS since
        the line "byteorder : {big|little} endian" from /proc/cpuinfo was
        removed as of Linux 2.4.20, resulting in the mipsel buildd being
        unable to build this package.
     -- Martin Schulze <joey@infodrom.org> Mon, 11 Oct 2004 16:28:45 +0200
    cyrus-sasl (1.5.27-3woody1) stable-security; urgency=high
      * Non-maintainer upload by the Security Team
      * Applied upstream patch to not blindly trust SASL_PATH blindly anymore
        [lib/common.c, CAN-2004-0884]

     -- Martin Schulze <joey@infodrom.org> Fri, 8 Oct 2004 16:45:19 +0200
    [...]

    In my sendmail.mc I am using:
    define(`SMART_HOST', `[smtp.memyselfandI.de]')dnl
    FEATURE(`authinfo')dnl

    My authinfo looks like this:
    AuthInfo:smtp.memyselfandI.de "U:whoareyou" "P:donttellanyone"

    Before the security update everything worked o.k ... I could use the
    SMTP-AUTH without any problems.

    Doing a
    telnet localhost smtp
    ehlo locahost

    shows me

    250 AUTH DIGEST-MD5 PLAIN LOGIN GSSAPI CRAM-MD5

    Since the security update the sendmail SMTP-AUTH is not working anymore;
    instead I receive a

    temporary auth failure

    in my sendmail logs. The telnet localhost smtp command does not show any

    250 AUTH

    message anymore.

    I do not know exactly if I am missing something but I think that this
    security-update

    Package : cyrus-sasl
    Vulnerability : unsanitised input
    Problem-Type : local
    Debian-specific: no
    CVE ID : CAN-2004-0884
    Debian Bug : 275498

    is not running without errors.

    Oliver

    -- 
    ... don't touch the bang bang fruit