Risks
Advisories
Browse
or
or
Slackware Security Advisory - Sendmail buffer overflow fixed
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  Sendmail buffer overflow fixed (NEW)

The sendmail packages in Slackware 8.0, 8.1, and 9.0 have been patched
to fix a security problem.  Note that this vulnerablity is NOT the same
one that was announced on March 3rd and requires a new fix.

All sites running sendmail should upgrade.  

More information on the problem can be found here:

http://www.sendmail.org/8.12.9.html

Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Sat Mar 29 13:46:36 PST 2003
patches/packages/sendmail-8.12.9-i386-1.tgz:  Upgraded to sendmail-8.12.9.
  From sendmail's RELEASE_NOTES:
    8.12.9/8.12.9   2003/03/29
    SECURITY: Fix a buffer overflow in address parsing due to
              a char to int conversion problem which is potentially
              remotely exploitable.  Problem found by Michal Zalewski.
              Note: an MTA that is not patched might be vulnerable to
              data that it receives from untrusted sources, which
              includes DNS.
  (* Security fix *)
patches/packages/sendmail-cf-8.12.9-noarch-1.tgz:  Updated config files for
  sendmail-8.12.9.
+--------------------------+



WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated packages for Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/sendmail.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/smailcfg.tgz

Updated packages for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-8.12.9-
i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-cf-8.12
.9-noarch-1.tgz

Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sendmail-8.12.9-
i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sendmail-cf-8.12
.9-noarch-1.tgz



MD5 SIGNATURES:
+-------------+

Here are the md5sums for the packages:

Slackware 8.0 packages:
c29c3063313534bee8db13c5afcd1abc  sendmail.tgz
1b3be9b45f0d078e1053b80069538ca7  smailcfg.tgz

Slackware 8.1 packages:
b1b538ae7685ce8a09514b51f8802614  sendmail-8.12.9-i386-1.tgz
628b61a20f4529b514060620e5e601e7  sendmail-cf-8.12.9-noarch-1.tgz

Slackware 9.0 packages:
5f4f92f933961b6e652d294cd76da426  sendmail-8.12.9-i386-1.tgz
45b217e09d5ff2d0e1b7b12a389c86ec  sendmail-cf-8.12.9-noarch-1.tgz



INSTALLATION INSTRUCTIONS:
+------------------------+

First (as root), stop sendmail:

. /etc/rc.d/rc.sendmail stop

Next, upgrade the sendmail package(s) with upgradepkg:

upgradepkg sendmail-*.tgz

Finally, restart sendmail:

. /etc/rc.d/rc.sendmail start



+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+hi4iakRjwEAQIjMRAlYYAJ0SkisbelIwisnAjLcmCBaQC728LACgiu/Q
ftW/49T80bCUapwtL/VzTd4=
=yPYH
-----END PGP SIGNATURE-----




Spotlight

Internet Explorer vulnerabilities increase 100%

Posted on 23 July 2014.  |  Bromium Labs research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //