On 3/11/15 7:55 AM, Dan Lukes wrote:> Paul Hoffman wrote:
>> Can you say which email servers *other* than unpatched Ironport fail?
>> Cisco has known about this for many months; see
<https://tools.cisco.com/quickview/bug/CSCuo25276>
> Note that Bug CSCuo25276 is considered duplicate of the bug CSCuo25329.
>
>> If that's true (I can't confirm), why would we want to do a
patch to our core crypto?
> Good question. The following should be taken into consideration.
>
> According CSCuo25329, the issue has been fixed on Mar 2,2015 in
> 8.0.2-055 and 8.5.6-063 release of Cisco Email Security Appliance.
>
> There are three known affected releases only - 8.0.1-023, 8.5.0-473,
> 8.5.5-280
well my problem is that I don't know what the other ends are running
exactly, but they are pretty big institution.
Comonwealth Bank of Australia, and Western Australian department of
Education (which shares infrastructure with the rest of the
government, so, I might as well just say "state of Western Australia".
I don't contact a LOT of large institutions, so given that I had two
failures over a small sample, and that the documents in each case were
very important, I think it's worth some sort of action. Big
institutions don't take updates that often, so its hard to know when
they will update their mail appliances. (they may also not be ironport
appliances, I just know those are susceptible).
since hte change is coming in on the next sendmail anyhow I see no
reason to not take it..
Julian>
> Dan
>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at
freebsd.org"
>
>