On Thu, 18 Sep 2003, Tony Wicks wrote:
Updates to the updates are now synced on the ftp.wicks.co.nz Redhat mirror.
Another one...
OT, but do you know if the RH 3.5p1-11 version fixes the same holes as the
official 3.7.1?
Jeez, it's kinda hard to pick on MS at this rate.
While we're watching the sky falling, here's some more stuff to worry
about:
Date: Wed, 17 Sep 2003 12:04:57 -0600
From: Todd C. Miller
To: security-announce(a)openbsd.org
Subject: buffer overflow in sendmail
A buffer overflow in sendmail's address parsing routines has been
found by Michal Zalewski. The bug appears to be remotely exploitable
on Linux and while it will be more difficult to exploit on OpenBSD
it still looks to be possible.
The bug has been fixed in OpenBSD-current, OpenBSD 3.4 as well as
the 3.2 and 3.3 -stable branches. Additionally, the current 3.4
snapshots also contain the fix. Patches are now available for
OpenBSD 3.2 and 3.3
Patch for OpenBSD 3.2:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/018_sendmail.patch
Patch for OpenBSD 3.3:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch
Note that this is the second revision of the patch that includes
an unrelated (and less critical) fix from Sendmail 8.12.10. That
fix is not included in OpenBSD 3.4 or the 3.4 snapshots as it
can only be triggered by non-standard rulesets.
For more information, please see Michal's advisory:
http://www.securityfocus.com/archive/1/337839/2003-09-14/2003-09-20/0
The release notes for Sendmail 8.12.10 also include related information:
http://www.sendmail.org/8.12.10.html
--
Juha Saarinen