Terra Soft Security Team <email@example.com>
Yellow Dog Linux Security Advisory: YDU-20030917-2
17 Sep 2003 22:36:09 -0600
Yellow Dog Linux Security Announcement
Issue Date: Sep 17, 2003
Advisory ID: YDU-20030917-2
Updated sendmail packages are available.
"Updated Sendmail packages that fix a potentially-exploitable vulnerability
are now available.
Sendmail is a widely used Mail Transport Agent (MTA) and is included in all
[Yellow Dog] Linux distributions.
Michal Zalewski found a bug in the prescan() function of unpatched Sendmail
versions prior to 8.12.10. The successful exploitation of this bug can lead
to heap and stack structure overflows. Although no exploit currently
exists, this issue is locally exploitable and may also be remotely
exploitable. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0694 to this issue.
Additionally, for [Yellow Dog Linux 3.0] we have included a fix for a
potential buffer overflow in ruleset parsing. This problem is not
exploitable in the default sendmail configuration; it is exploitable only
if non-standard rulesets recipient (2), final (4), or mailer-specific
envelope recipients rulesets are used. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0681 to
All users are advised to update to these erratum packages containing a
backported patch which corrects these vulnerabilities."
(from Red Hat Advisory)
Updates are available immediately via YDL.Net Enhanced.
a) Updating via yum...

We suggest that you use the yum program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:

    yum update sendmail

b) Updating manually...

Download the updates below and then run the following rpm command.
(Please use a mirror site)

    rpm -Fvh [filenames]

MD5 checksum Package
If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: md5sum <filename>
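
Added example (not part of the original advisory): a shell function that checks every downloaded package against the advisory's MD5 list and fails closed, so that the rpm command in step b) runs only when all files match. The list file name `sums.txt` and its one-pair-per-line layout are assumptions.

```shell
#!/bin/sh
# Added example, not part of the advisory. Assumes a file (here "sums.txt",
# a hypothetical name) holding the advisory's "MD5 checksum / Package" rows,
# one "<md5> <package filename>" pair per line.

# verify_packages LIST DIR
# Returns 0 only if LIST is non-empty and every listed package exists in DIR
# with a matching MD5. Any malformed row, missing file or mismatch fails.
verify_packages() {
    list=$1 dir=$2 bad=0 seen=0
    while read -r want name _ || [ -n "$want" ]; do
        case $want in ''|'#'*) continue ;; esac      # blank line or comment
        seen=$((seen + 1))
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        # The checksum must be exactly 32 hex digits.
        case $want in *[!0-9a-f]*) want= ;; esac
        if [ "${#want}" -ne 32 ]; then
            echo "MALFORMED row $seen" >&2; bad=1; continue
        fi
        # Package names are bare filenames; reject paths from the list.
        case $name in ''|*/*)
            echo "MALFORMED row $seen" >&2; bad=1; continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING   $name" >&2; bad=1; continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name" >&2; bad=1
        fi
    done < "$list"
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Usage, from the download directory:
#   verify_packages sums.txt . && rpm -Fvh [filenames]
```

A match shows only that a file is the one named in the list, so the list itself should come from a copy of the advisory you trust.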
Terra Soft has set up a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more
For information regarding the usage of yum, see: