On Thu, 18 Sep 2003, Tony Wicks wrote:
Updates to the updates are now synced on the ftp.wicks.co.nz Redhat mirror.
Another one... OT, but do you know if the RH 3.5p1-11 version fixes the same holes as the official 3.7.1?
Jeez, it's kinda hard to pick on MS at this rate.
While we're watching the sky falling, here's some more stuff to worry about: Date: Wed, 17 Sep 2003 12:04:57 -0600 From: Todd C. Miller <Todd.Miller(a)courtesan.com> To: security-announce(a)openbsd.org Subject: buffer overflow in sendmail A buffer overflow in sendmail's address parsing routines has been found by Michal Zalewski. The bug appears to be remotely exploitable on Linux and while it will be more difficult to exploit on OpenBSD it still looks to be possible. The bug has been fixed in OpenBSD-current, OpenBSD 3.4 as well as the 3.2 and 3.3 -stable branches. Additionally, the current 3.4 snapshots also contain the fix. Patches are now available for OpenBSD 3.2 and 3.3 Patch for OpenBSD 3.2: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/018_sendmail.patch Patch for OpenBSD 3.3: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/005_sendmail.patch Note that this is the second revision of the patch that includes an unrelated (and less critical) fix from Sendmail 8.12.10. That fix is not included in OpenBSD 3.4 or the 3.4 snapshots as it can only be triggered by non-standard rulesets. For more information, please see Michal's advisory: http://www.securityfocus.com/archive/1/337839/2003-09-14/2003-09-20/0 The release notes for Sendmail 8.12.10 also include related information: http://www.sendmail.org/8.12.10.html -- Juha Saarinen