security advisory regarding cyrus-sasl?
Alexey Melnikov
alexey.melnikov at isode.com
Thu Apr 13 09:54:58 EDT 2006
Marcel Holtmann wrote:
>Hi Alexey,
>
>
>>>We saw this advisory for cyrus-sasl, but can't see the problem
>>>or the real issue.
>>>
>>>http://labs.musecurity.com/advisories/MU-200604-01.txt
>>>
>>>Is this issue for real?
>>>
>>>
>>Yes, certain malformed input can cause a segfault in the server side
>>DIGEST-MD5 plugin.
>>DIGEST-MD5 client side might be affected as well.
>>
>>
>
>The advisory speaks about cyrus-sasl-2.1.18 and is really vague. Can you
>tell us when it got fixed and point to the actual patch in the CVS? I assume
>that this issue has already been fixed in version 2.1.20, but I might be
>wrong.
>
>
Yes, 2.1.20 should do. 2.1.21 doesn't segfault. I didn't test any
versions in between.