Debian Security Advisory DSA 568-1 - A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASL_PATH blindly, which allows a local user to link against a malicious library to run arbitrary code with the privileges of a setuid or setgid application.
94dfb416a2d838aac6036c6e0afd7a491195e67628c775de9243c1d4b0f6e946
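The pattern the advisory describes, next to a hardened form, as an added example (not code from Cyrus SASL or from the Debian fix): a library that takes its plugin search path from the environment should ignore that variable when the real and effective user or group IDs differ. `DEFAULT_PLUGIN_DIR`, `struct creds` and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed compiled-in default; the real directory depends on the build. */
#define DEFAULT_PLUGIN_DIR "/usr/lib/sasl2"

/* Process credentials, passed in so the decision can be tested. */
struct creds { uid_t ruid, euid; gid_t rgid, egid; };

/* True when the process runs setuid or setgid: the invoking user controls
 * the environment, but the process holds privileges that user lacks. */
static int is_privileged(const struct creds *c)
{
    return c->ruid != c->euid || c->rgid != c->egid;
}

/* Pattern described in the advisory: the variable is trusted blindly. */
const char *plugin_path_blind(const char *env_value)
{
    return env_value ? env_value : DEFAULT_PLUGIN_DIR;
}

/* Hardened form: the variable is ignored whenever the IDs differ. */
const char *plugin_path_checked(const char *env_value, const struct creds *c)
{
    if (env_value == NULL || env_value[0] == '\0' || is_privileged(c))
        return DEFAULT_PLUGIN_DIR;
    return env_value;
}

int main(void)
{
    struct creds me = { getuid(), geteuid(), getgid(), getegid() };
    const char *env = getenv("SASL_PATH");

    printf("blind:   %s\n", plugin_path_blind(env));
    printf("checked: %s\n", plugin_path_checked(env, &me));
    return 0;
}
```
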