'Re: [courier-users] courier-authlib released.'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       courier-users
Subject:    Re: [courier-users] courier-authlib released.
From:       Sam Varshavchik <mrsam () courier-mta ! com>
Date:       2022-03-08 13:54:10
Message-ID: cone.1646747650.778822.92313.1004 () monster ! email-scan ! com
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


Alexey Ivanov via courier-users writes:

> Sam,
>
> first of all thank you for updates and your work, always appreciate it!
>
>
> How critical is to update to the current release. Now running a version  
> since Sep 2021.
> It will be great to see a notice if something significant has been changed
> or a important bug corrected. A short notice - please update now - will be  
> great.

Well, the notice included in the announcement meant to do that.

> So far everything works well and I am asking myself - should I change  
> anything, why?
> you know - never fix a working system.

So, below, this is described as mostly academic. If I thought that this  
carried more importance, I would spell it out. I don't see any way to  
exploit this. You have to make the server process run out of memory first.  
That's a difficult, given that prior to authentication not much memory  
allocation happens, and once authenticated you have a new process started,  
wiping the slate clean, and the code is not used any more.


> On 08/03/2022 15.25, Sam Varshavchik wrote:
>> Download: http://www.courier-mta.org/download.html#authlib
>>
>> Changes:
>>
>> • Fix a theoretical memory corruption during authentication if the process  
>> runs out of memory. The server does not do much memory allocation prior to  
>> authentication, this is mostly academic.
>>
>>
>>
>> _______________________________________________
>> courier-users mailing list
>> courier-users@lists.sourceforge.net
>> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
>
> --
> Alex
>
>
> _______________________________________________
> courier-users mailing list
> courier-users@lists.sourceforge.net
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[Attachment #5 (application/pgp-signature)]



_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic