[HSC-Unix] Sendmail security advisory
Borries Demeler
demeler at bioc09.v19.uthscsa.edu
Tue Mar 4 06:42:05 CST 2003
Below is an alert by Slackware Security about an update in sendmail
that fixes a buffer overflow problem. I suspect anyone running sendmail
may be affected, so here is your heads-up...
-Borries
Forwarded message:
> From owner-slackware-security at slackware.com Mon Mar 3 20:04:08 2003
> Date: Mon, 3 Mar 2003 14:24:43 -0800 (PST)
> From: Slackware Security Team <security at slackware.com>
> To: slackware-security at slackware.com
> Subject: [slackware-security] Sendmail buffer overflow fixed
> Message-ID: <Pine.LNX.4.21.0303031424220.13214-100000 at bob.slackware.com>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> [slackware-security] Sendmail buffer overflow fixed
>
> The sendmail packages in Slackware 8.1 and -current have been patched to fix
> a security problem. All sites running sendmail should upgrade.
>
> More information on the problem can be found here:
>
> http://www.sendmail.org/8.12.8.html
>
> Here are the details from the Slackware 8.1 ChangeLog:
> +--------------------------+
> Mon Mar 3 10:29:01 PST 2003
> patches/packages/sendmail-8.12.8-i386-1.tgz: Upgraded to sendmail-8.12.8.
> From sendmail's RELNOTES:
> SECURITY: Fix a remote buffer overflow in header parsing by dropping sender
> and recipient header comments if the comments are too long. Problem noted
> by Mark Dowd of ISS X-Force.
> (* Security fix *)
> patches/packages/sendmail-cf-8.12.8-noarch-1.tgz: Updated config files for
> sendmail-8.12.8.
> +--------------------------+
>
>
>
> WHERE TO FIND THE NEW PACKAGES:
> +-----------------------------+
>
> Updated packages for Slackware 8.1:
> ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-8.12.8-i386-1.tgz
> ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-cf-8.12.8-noarch-1.tgz
>
> Updated packages for Slackware -current:
> ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-8.12.8-i386-1.tgz
> ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-cf-8.12.8-noarch-1.tgz
>
>
>
> MD5 SIGNATURES:
> +-------------+
>
> Here are the md5sums for the packages:
>
> Slackware 8.1 packages:
> c2c72b982d91d9ca0f59ab2afdf337f2 sendmail-8.12.8-i386-1.tgz
> 0b8e338169dca7487dd042ba070120d1 sendmail-cf-8.12.8-noarch-1.tgz
>
> Slackware -current packages:
> a9db559cd852164577f26efff1e9b36d sendmail-8.12.8-i386-1.tgz
> 0141c1f40e1efd148f9ccd1d5a09e7f0 sendmail-cf-8.12.8-noarch-1.tgz
>
>
>
> INSTALLATION INSTRUCTIONS:
> +------------------------+
>
> As root, upgrade the sendmail package(s) with upgradepkg:
>
> upgradepkg sendmail-*.tgz
>
> Then, restart sendmail:
>
> /etc/rc.d/rc.sendmail restart
>
>
>
> +-----+
>
> Slackware Linux Security Team
> http://slackware.com/gpg-key
> security at slackware.com
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQE+Y7AXakRjwEAQIjMRAq4iAJwIucFzraCEl/TW5xNW3/A8OBCuuACfdnpB
> KnimFQKeMEWk+HEClZ0iCXc=
> =0WNi
> -----END PGP SIGNATURE-----
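The advisory's steps (fetch the packages, compare md5sums, upgradepkg, restart) can be gated so the upgrade only runs when every checksum matches. The following is an added example, not part of the advisory or of Slackware's tooling; the function names `verify_packages` and `upgrade_sendmail` and the download-directory argument are assumptions, and the checksums are the Slackware 8.1 values quoted above.

```shell
#!/bin/sh
# Added example: check downloaded sendmail packages against the md5sums
# quoted in the advisory before handing them to upgradepkg.

# Copied from the advisory's "Slackware 8.1 packages" list.
# (-current uses the same file names with different sums; swap the list.)
ADVISORY_SUMS='c2c72b982d91d9ca0f59ab2afdf337f2  sendmail-8.12.8-i386-1.tgz
0b8e338169dca7487dd042ba070120d1  sendmail-cf-8.12.8-noarch-1.tgz'

# verify_packages DIR [SUMS]
# Returns 0 only if every listed file exists in DIR and its MD5 matches.
# SUMS defaults to the advisory list; each line is "<md5>  <filename>".
verify_packages() {
    dir=$1
    sums=${2:-$ADVISORY_SUMS}
    rc=0
    while read -r want name; do
        [ -n "$name" ] || continue          # skip blank lines
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2
            rc=1
            continue
        fi
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (got $got)" >&2
            rc=1
        fi
    done <<EOF
$sums
EOF
    return $rc
}

# upgrade_sendmail DIR
# The advisory's install steps, run as root, gated on the checksum check.
upgrade_sendmail() {
    verify_packages "$1" || {
        echo "checksum failure, not upgrading" >&2
        return 1
    }
    upgradepkg "$1"/sendmail-*.tgz && /etc/rc.d/rc.sendmail restart
}
```

The md5sums are only as trustworthy as the message that carries them, so check the advisory's PGP signature against the key at http://slackware.com/gpg-key before relying on the list.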