Date: Sat, 29 Mar 2003 13:08:43 -0500
From: White Vampire <[email protected]>
To: [email protected]Subject: [[email protected]: [slackware-security] Sendmail buffer overflow fixed]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----- Forwarded message from Slackware Security Team <[email protected]> -----
Return-Path: <[email protected]>
Delivered-To: whitvamp@localhost
Received: (qmail 7993 invoked from network); 25 Mar 2003 17:44:33 -0000
Received: from localhost (127.0.0.1)
by localhost with SMTP; 25 Mar 2003 17:44:33 -0000
Delivered-To: [email protected]
Received: from mail102.csoft.net [63.111.26.110]
by localhost with POP3 (fetchmail-5.8.3)
for whitvamp@localhost (single-drop); Tue, 25 Mar 2003 12:44:33 -0500 (EST)
Received: (qmail 76250 invoked from network); 4 Mar 2003 00:40:08 -0000
Received: from unknown (HELO ws4-2.us4.outblaze.com) (205.158.62.67)
by mail102.csoft.net with SMTP; 4 Mar 2003 00:40:08 -0000
Received: from spf2.us4.outblaze.com (205-158-62-24.outblaze.com [205.158.62.24])
by ws4-2.us4.outblaze.com (8.12.7/8.12.7) with ESMTP id h240bolV018458
for <[email protected]>; Tue, 4 Mar 2003 00:37:50 GMT
Received: from bob.slackware.com (slackware.com [64.57.102.34])
by spf2.us4.outblaze.com (8.12.7/8.12.7) with ESMTP id h23NOlBK098678
for <[email protected]>; Mon, 3 Mar 2003 23:27:06 GMT
Received: (from daemon@localhost)
by bob.slackware.com (8.11.6/8.11.6) id h23MOhp13226
for slackware-security-outgoing; Mon, 3 Mar 2003 14:24:43 -0800
Received: from localhost (security@localhost)
by bob.slackware.com (8.11.6/8.11.6) with ESMTP id h23MOhm13223
for <[email protected]>; Mon, 3 Mar 2003 14:24:43 -0800
Date: Mon, 3 Mar 2003 14:24:43 -0800 (PST)
From: Slackware Security Team <[email protected]>
To: [email protected]Subject: [slackware-security] Sendmail buffer overflow fixed
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [email protected]
Precedence: bulk
Reply-To: Slackware Security Team <[email protected]>
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] Sendmail buffer overflow fixed
The sendmail packages in Slackware 8.1 and -current have been patched to fix
a security problem. All sites running sendmail should upgrade.
More information on the problem can be found here:
http://www.sendmail.org/8.12.8.html
Here are the details from the Slackware 8.1 ChangeLog:
+--------------------------+
Mon Mar 3 10:29:01 PST 2003
patches/packages/sendmail-8.12.8-i386-1.tgz: Upgraded to sendmail-8.12.8.
From sendmail's RELNOTES:
SECURITY: Fix a remote buffer overflow in header parsing by dropping sender
and recipient header comments if the comments are too long. Problem noted
by Mark Dowd of ISS X-Force.
(* Security fix *)
patches/packages/sendmail-cf-8.12.8-noarch-1.tgz: Updated config files for
sendmail-8.12.8.
+--------------------------+
WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+
Updated packages for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-8.12.8-i386-1.tgzftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-cf-8.12.8-noarch-1.tgz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-8.12.8-i386-1.tgzftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-cf-8.12.8-noarch-1.tgz
MD5 SIGNATURES:
+-------------+
Here are the md5sums for the packages:
Slackware 8.1 packages:
c2c72b982d91d9ca0f59ab2afdf337f2 sendmail-8.12.8-i386-1.tgz
0b8e338169dca7487dd042ba070120d1 sendmail-cf-8.12.8-noarch-1.tgz
Slackware -current packages:
a9db559cd852164577f26efff1e9b36d sendmail-8.12.8-i386-1.tgz
0141c1f40e1efd148f9ccd1d5a09e7f0 sendmail-cf-8.12.8-noarch-1.tgz
INSTALLATION INSTRUCTIONS:
+------------------------+
As root, upgrade the sendmail package(s) with upgradepkg:
upgradepkg sendmail-*.tgz
Then, restart sendmail:
/etc/rc.d/rc.sendmail restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key[email protected]
+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to [email protected] with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+Y7AXakRjwEAQIjMRAq4iAJwIucFzraCEl/TW5xNW3/A8OBCuuACfdnpB
KnimFQKeMEWk+HEClZ0iCXc=
=0WNi
- -----END PGP SIGNATURE-----
- ----- End forwarded message -----
- --
\ | \ / White Vampire\Rem | http://gammaforce.org/
\|\| \/ [email protected] | http://gammagear.com/
"Silly hacker, root is for administrators." | http://webfringe.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)
iD8DBQE+heEq3+rxmnEDyl8RApZ3AJ9oXisP7Y2DeHQSI3FCgefQFbkCcACeL4Wt
CHuAb00apkFPlamBSiJV+ug=
=vvsT
-----END PGP SIGNATURE-----
