On Wed, Mar 22, 2006 at 10:29:27AM -0800, Kenneth Porter wrote: > Main alert page: <http://www.kb.cert.org/vuls/id/834865> > > Fedora details: <http://www.kb.cert.org/vuls/id/MIMG-6MPU9N> > > >From the summary: > > A race condition in Sendmail may allow a remote attacker to execute > arbitrary code. > > For those of us accepting mail from outside on pre-FC4 Fedora, are any > updates in the pipe to address this? It sounds like this is an issue with some urgency. FC3 is using sendmail-8.13.1-2 and a patch sendmail-8.13.1-VU#834865.patch, which you can find in sendmail-8.13.1-3.RHEL4.3.src.rpm, applies to this source without any modificiations. Not a very big surprise. So it is enough to rebuild a corresponding rpm with this patch and you should be fine. How this works for earlier versions I do not know. There is also sendmail-8.12.11-4.RHEL3.4.src.rpm in RHEL updates and it should be possible to "recycle" that patch as well. Michal -- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
