Debian Security Advisory DSA 563-2 (cyrus-sasl)

The remote host is missing an update to cyrus-sasl announced via advisory DSA 563-2.

This advisory corrects DSA 563-1 which contained a library that caused other programs to fail unindented. For the stable distribution (woody) this problem has been fixed in version 1.5.27-3woody3. For reference the advisory text follows: A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASL_PATH blindly, which allows a local user to link against a malicious library to run arbitrary code with the privileges of a setuid or setgid application. For the unstable distribution (sid) this problem has been fixed in version 1.5.28-6.2 of cyrus-sasl and in version 2.1.19-1.3 of cyrus-sasl2. We recommend that you upgrade your libsasl packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20563-2