What exactly are you suggesting? That we all turn off sendmail because
of some as yet unknown vunerablity?
BTW, do you receive these Red Hat Security Alerts? You'll have to have
sendmail working to receive them ;-)
06/12 [EMAIL PROTECTED] [RHSA-2001:077-05] LPRng fails to drop supplement
06/22 [EMAIL PROTECTED] [RHSA-2001:084-03] Kernel: FTP iptables vulnerabi
06/22 [EMAIL PROTECTED] [RHSA-2001:071-05] New updated XFree86 packages a
06/26 [EMAIL PROTECTED] [RHSA-2001:086-06] New Samba packages available f
07/06 [EMAIL PROTECTED] [RHSA-2001:092-02] Updated xinetd package availab
07/09 [EMAIL PROTECTED] [RHSA-2001:088-04] New xloadimage packages availa
07/16 [EMAIL PROTECTED] [RHSA-2001:095-04] New util-linux packages availa
07/16 [EMAIL PROTECTED] [RHSA-2001:091-07] New elm packages available for
[Note that these are only for the RPMs that I have installed.]
--- Vladimir
Vladimir G. Ivanovic http://www.leonora.org/~vladimir
2770 Cowper St. [EMAIL PROTECTED]
Palo Alto, CA 94306-2447 +1 650 678 8014
"JLT" == Jason L Tibbitts, <Jason> writes:
>>>>>> "VGI" == Vladimir G Ivanovic <[EMAIL PROTECTED]> writes:
VGI> "Connect to my machine"? How? You can telnet to port 25, but all you
VGI> can do is talk ESMTP. Is that a security risk?
JLT> It may be, if a vulnerability is discovered tomorrow. If that
JLT> happens, then what does Red Hat do? Get every single person who
JLT> has installed Red Hat Linux to upgrade to the fixed package? Or
JLT> sleep well knowing that the default installation is at least
JLT> protected from nonlocal attacks? Sure, sites who turned it back
JLT> on will have to either shut it off, upgrade to a fixed package,
JLT> or be insecure, but at least the problem has been significantly
JLT> diminished.
JLT> Won't happen? It's happened before. (Not just with Sendmail.)
_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
