[slackware-security] Sendmail buffer overflow fixed
The sendmail packages in Slackware 8.1 and -current have been patched to fix a security problem. All sites running sendmail should upgrade. More information on the problem can be found here: http://www.sendmail.org/8.12.8.html Here are the details from the Slackware 8.1 ChangeLog: +--------------------------+ Mon Mar 3 10:29:01 PST 2003 patches/packages/sendmail-8.12.8-i386-1.tgz: Upgraded to sendmail-8.12.8. From sendmail's RELNOTES: SECURITY: Fix a remote buffer overflow in header parsing by dropping sender and recipient header comments if the comments are too long. Problem noted by Mark Dowd of ISS X-Force. (* Security fix *) patches/packages/sendmail-cf-8.12.8-noarch-1.tgz: Updated config files for sendmail-8.12.8. +--------------------------+ WHERE TO FIND THE NEW PACKAGES: +-----------------------------+ Updated packages for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-8.12.8-i386-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-cf-8.12.8-noarch-1.tgz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-8.12.8-i386-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-cf-8.12.8-noarch-1.tgz MD5 SIGNATURES: +-------------+ Here are the md5sums for the packages: Slackware 8.1 packages: c2c72b982d91d9ca0f59ab2afdf337f2 sendmail-8.12.8-i386-1.tgz 0b8e338169dca7487dd042ba070120d1 sendmail-cf-8.12.8-noarch-1.tgz Slackware -current packages: a9db559cd852164577f26efff1e9b36d sendmail-8.12.8-i386-1.tgz 0141c1f40e1efd148f9ccd1d5a09e7f0 sendmail-cf-8.12.8-noarch-1.tgz INSTALLATION INSTRUCTIONS: +------------------------+ As root, upgrade the sendmail package(s) with upgradepkg: upgradepkg sendmail-*.tgz Then, restart sendmail: /etc/rc.d/rc.sendmail restart +-----+ Slackware Linux Security Team http://slackware.com/gpg-key [EMAIL PROTECTED] +------------------------------------------------------------------------+ | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | +------------------------------------------------------------------------+ | Send an email to [EMAIL PROTECTED] with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+Y7AXakRjwEAQIjMRAq4iAJwIucFzraCEl/TW5xNW3/A8OBCuuACfdnpB KnimFQKeMEWk+HEClZ0iCXc= =0WNi -----END PGP SIGNATURE----- ------- End of Forwarded Message ------- -- Bruno Henrique Collovini - [EMAIL PROTECTED] Internet and Network Security - Business Security EMBRATEL - Rio de Janeiro - BR +55 - 21 - 21 - 2121-3278 _______________________________________________ slack-users mailing list [EMAIL PROTECTED] http://www.linuxmag.com.br/mailman/listinfo/slack-users
