User: Password:
|
|
Subscribe / Log in / New account

Yellow Dog alert YDU-20030917-2 (sendmail)

From:  Terra Soft Security Team <security@terrasoftsolutions.com>
To:  yellowdog-updates@lists.terrasoftsolutions.com
Subject:  Yellow Dog Linux Security Advisory: YDU-20030917-2
Date:  17 Sep 2003 22:36:09 -0600

Yellow Dog Linux Security Announcement -------------------------------------- Package: sendmail Issue Date: Sep 17,2003 Priority: high Advisory ID: YDU-20030917-2 1. Topic: Updated sendmail packages are available. 2. Problem: "Updated Sendmail packages that fix a potentially-exploitable vulnerability are now available. Sendmail is a widely used Mail Transport Agent (MTA) and is included in all [Yellow Dog] Linux distributions. Michal Zalewski found a bug in the prescan() function of unpatched Sendmail versions prior to 8.12.10. The sucessful exploitation of this bug can lead to heap and stack structure overflows. Although no exploit currently exists, this issue is locally exploitable and may also be remotely exploitable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0694 to this issue. Additionally, for [Yellow Dog Linux 3.0] we have included a fix for a potential buffer overflow in ruleset parsing. This problem is not exploitable in the default sendmail configuration; it is exploitable only if non-standard rulesets recipient (2), final (4), or mailer-specific envelope recipients rulesets are used. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0681 to this issue. All users are advised to update to these erratum packages containing a backported patch which corrects these vulnerabilities." (from Red Hat Advisory) 3. Solution: Updates are available immediately via YDL.Net Enhanced. a) Updating via yum... We suggest that you use the yum program to keep your system up-to-date. The following command(s) will retrieve and install the fixed version of this update onto your system: yum update sendmail b) Updating manually... Download the updates below and then run the following rpm command. (Please use a mirror site) rpm -Fvh [filenames] ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/ ppc/sendmail-8.12.8-9.90.ppc.rpm ppc/sendmail-cf-8.12.8-9.90.ppc.rpm ppc/sendmail-devel-8.12.8-9.90.ppc.rpm ppc/sendmail-doc-8.12.8-9.90.ppc.rpm 4. Verification MD5 checksum Package -------------------------------- ---------------------------- 3a5bf029ea75ec5159ea3ddc54f7b973 SRPMS/sendmail-8.12.8-9.90.src.rpm 2bf11c277a1108834e1a411dbd4873f2 ppc/sendmail-8.12.8-9.90.ppc.rpm bdd699dc394a1306d66675d7c9e5b118 ppc/sendmail-cf-8.12.8-9.90.ppc.rpm 00389b26a272d0de34af2270d50ef825 ppc/sendmail-devel-8.12.8-9.90.ppc.rpm 590a8eafe943ef0200b734c89b088967 ppc/sendmail-doc-8.12.8-9.90.ppc.rpm If you wish to verify that each package has not been corrupted or tampered with, examine the md5sum with the following command: md5sum <filename> 5. Misc. Terra Soft has setup a moderated mailing list where these security, bugfix, and package enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more information. For information regarding the usage of yum, see: http://www.yellowdoglinux.com/support/solutions/ydl_general/yum.shtml _______________________________________________ yellowdog-updates mailing list yellowdog-updates@lists.terrasoftsolutions.com http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-updates


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds