If you haven't heard about these through other means... Both of these carry some degree of exposure to remote exploit.
There is a new release of OpenSSH as of yesterday - make sure you get version 3.7.1, which came out late in the day. www.openssh.org There's a new release of Sendmail as well, look for version 8.12.10 at www.sendmail.org. All versions prior to this are vulnerable. The original announcement said "Local exploitation on little endian Linux is confirmed to be trivial ... remote exploit is believed to be possible." Customers of the commercial Sendmail Switch products can expect a patch release shortly on your customer download page. (I happen to work for Sendmail Inc, but I am in no way speaking for the company.) --Steve. --- Send mail for the `bblisa' mailing list to [EMAIL PROTECTED]'. Mail administrative requests to [EMAIL PROTECTED]'.
