[prev in list] [next in list] [prev in thread] [next in thread]
List: courier-users
Subject: Re: [courier-users] courier-authlib released.
From: Sam Varshavchik <mrsam () courier-mta ! com>
Date: 2022-03-08 13:54:10
Message-ID: cone.1646747650.778822.92313.1004 () monster ! email-scan ! com
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
Alexey Ivanov via courier-users writes:
> Sam,
>
> first of all thank you for updates and your work, always appreciate it!
>
>
> How critical is to update to the current release. Now running a version
> since Sep 2021.
> It will be great to see a notice if something significant has been changed
> or a important bug corrected. A short notice - please update now - will be
> great.
Well, the notice included in the announcement meant to do that.
> So far everything works well and I am asking myself - should I change
> anything, why?
> you know - never fix a working system.
So, below, this is described as mostly academic. If I thought that this
carried more importance, I would spell it out. I don't see any way to
exploit this. You have to make the server process run out of memory first.
That's a difficult, given that prior to authentication not much memory
allocation happens, and once authenticated you have a new process started,
wiping the slate clean, and the code is not used any more.
> On 08/03/2022 15.25, Sam Varshavchik wrote:
>> Download: http://www.courier-mta.org/download.html#authlib
>>
>> Changes:
>>
>> • Fix a theoretical memory corruption during authentication if the process
>> runs out of memory. The server does not do much memory allocation prior to
>> authentication, this is mostly academic.
>>
>>
>>
>> _______________________________________________
>> courier-users mailing list
>> courier-users@lists.sourceforge.net
>> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
>
> --
> Alex
>
>
> _______________________________________________
> courier-users mailing list
> courier-users@lists.sourceforge.net
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[Attachment #5 (application/pgp-signature)]
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic