Sendmail Vulnerability: critical
Mike Tremaine
mgt at stellarcore.net
Thu Mar 23 15:15:39 GMT 2006
> On 23.03.2006 07:24, James Gray wrote:
>
> >On Thu, 23 Mar 2006 06:51, Rob Poe wrote:
> >
> >
> >>I ran a yum update, got the new sendmail rpms (and 4.3, I think too for
> >>our 4.3 boxen) .. looks like CentOS was right on it..
> >>
> >>
> >
> >Hmm, I ran the same update here and here's what RPM reports:
> >
> >rpm -qa|grep sendmail ; uname -a ; cat /etc/redhat-release
> >sendmail-devel-8.13.1-2
> >sendmail-8.13.1-2
> >sendmail-cf-8.13.1-2
> >Linux clacks.ocs.au.com 2.6.9-34.EL #1 Wed Mar 8 00:07:35 CST 2006 i686 i686
> >i386 GNU/Linux
> >CentOS release 4.3 (Final)
> >
> >Seems CentOS 4.3 is still on Sendmail 8.13.1. No idea if the 8.13.6 patch
> >has been back-ported though.
> >
> >
>
> `rpm -q --changelog` should tell you for what you are looking
>
The CentOS 4.x sendmail 8.13.1-3 has the fixes. As stated, do a
"rpm -q --changelog sendmail | less" and you'll see
* Mon Mar 20 2006 Thomas Woerner <twoerner at redhat.com> 8.13.1-3.RHEL4.3
- fixed another time_t timeout problem in the VU patch in usersmtp.c
* Sat Mar 18 2006 Thomas Woerner <twoerner at redhat.com> 8.13.1-3.RHEL4.2
- fixed adaption failure in VU#834865
* Mon Mar 13 2006 Thomas Woerner <twoerner at redhat.com> 8.13.1-3.RHEL4.1
- fixed VU#834865 (#184465)
Nice turnaround time by the CentOS people. I had this rolled out across
all servers well before dinner.
-Mike
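
The changelog check discussed in this thread, as an added example that is not part of the original message: because the fix is back-ported, the upstream version stays at 8.13.1, so the script lists the package releases whose changelog entries name the advisory. The function names are hypothetical, and the sample input is the changelog text quoted above.

```shell
#!/bin/sh
# Added example: list the package releases whose changelog entries mention
# an advisory ID. Reads `rpm -q --changelog` output on stdin.
# On a live system: rpm -q --changelog sendmail | fix_releases 'VU#834865'

fix_releases() {
    # $1 = advisory identifier, matched as a fixed string (no regex)
    awk -v id="$1" '
        # Entry header: "* Day Mon DD YYYY Name <mail> version-release"
        /^\* / { release = $NF; next }
        # Body line naming the advisory: report its release once
        index($0, id) && release != "" && !seen[release]++ { print release }
    '
}

# Exit status 0 if the changelog on stdin mentions the advisory, 1 if not.
has_fix() {
    [ -n "$(fix_releases "$1")" ]
}

# Changelog entries as quoted in the message above (embedded so this runs offline).
sample_changelog() {
    cat <<'EOF'
* Mon Mar 20 2006 Thomas Woerner <twoerner at redhat.com> 8.13.1-3.RHEL4.3
- fixed another time_t timeout problem in the VU patch in usersmtp.c
* Sat Mar 18 2006 Thomas Woerner <twoerner at redhat.com> 8.13.1-3.RHEL4.2
- fixed adaption failure in VU#834865
* Mon Mar 13 2006 Thomas Woerner <twoerner at redhat.com> 8.13.1-3.RHEL4.1
- fixed VU#834865 (#184465)
EOF
}

sample_changelog | fix_releases 'VU#834865'
```

A package whose changelog yields no output here, such as the 8.13.1-2 build reported earlier in the thread, predates the listed releases and still needs the update.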