Daca entereseaza pe careva axl ----- Original Message ----- From: "Slackware Security Team" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 27, 2001 4:11 AM Subject: [slackware-security] sendmail and procmail update > > > An input validation error in sendmail has been discovered by Cade Cairns of > SecurityFocus. This problem can be exploited by local users to gain root > access. It is not exploitable by remote attackers without shell access. > New packages based on sendmail.8.11.6 have been prepared for Slackware 7.1 > and 8.0. > > Detailed information about this security problem may be found here: > http://www.securityfocus.com/bid/3163 > > New procmail packages have been prepared as well, based on procmail-3.21. > The ChangeLog notes that these problems were fixed as of procmail-3.20, > but it's not known how serious they really are: > - SECURITY: don't do unsafe things from signal handlers: > - ignore TRAP when terminating because of a signal > - resolve the host and protocol of COMSAT when it is set > - save the absolute path form of $LASTFOLDER for the comsat > message when it is set > - only use the log buffer if it's safe > > > WHERE TO FIND THE NEW PACKAGES: > ------------------------------- > > Updated packages for Slackware 8.0: > ftp://ftp1.sourceforge.net/pub/slackware/slackware-8.0/patches/packages/proc mail.tgz > ftp://ftp1.sourceforge.net/pub/slackware/slackware-8.0/patches/packages/send mail.tgz > ftp://ftp1.sourceforge.net/pub/slackware/slackware-8.0/patches/packages/smai lcfg.tgz > > Updated packages for Slackware 7.1: > ftp://ftp1.sourceforge.net/pub/slackware/slackware-7.1/patches/packages/proc mail.tgz > ftp://ftp1.sourceforge.net/pub/slackware/slackware-7.1/patches/packages/send mail.tgz > ftp://ftp1.sourceforge.net/pub/slackware/slackware-7.1/patches/packages/smai lcfg.tgz > > > MD5 SIGNATURES: > --------------- > > Here are the md5sums for the packages: > > Slackware 8.0 packages: > 56099f1bce9643e44342711878a7ceb0 ./packages/procmail.tgz > 3d03fd648ecf40eed56ff915780fb8ab ./packages/sendmail.tgz > 1a13d98a11d0af853893a640909d8958 ./packages/smailcfg.tgz > > Slackware 7.1 packages: > 121f13cecaaac0efdc1b510b68e6c147 ./packages/procmail.tgz > 7c0e57969057ba72e6b59e26aa39de04 ./packages/sendmail.tgz > 9e30e9e07fce4001bbf7f330cb2f9d71 ./packages/smailcfg.tgz > > > INSTALLATION INSTRUCTIONS: > -------------------------- > > First, kill any existing sendmail processes: > > killall -9 sendmail > > Then, as root, upgrade the sendmail package with upgradepkg: > > upgradepkg sendmail.tgz > > Then, restart sendmail: > > /usr/sbin/sendmail -bd -q15m > > > > - Slackware Linux Security Team > http://www.slackware.com > > > +------------------------------------------------------------------------+ > | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | > +------------------------------------------------------------------------+ > | Send an email to [EMAIL PROTECTED] with this text in the body of | > | the email message: | > | | > | unsubscribe slackware-security | > | | > | You will get a confirmation message back. Follow the instructions to | > | complete the unsubscription. Do not reply to this message to | > | unsubscribe! | > +------------------------------------------------------------------------+ --- Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to unsubscribe from this list.
