Re: US-CERT Technical Cyber Security Alert TA06-081A -- Sendmail Race Condition Vulnerability (fwd)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Mar 22, 2006 at 10:29:27AM -0800, Kenneth Porter wrote:
> 
> For those of us accepting mail from outside on pre-FC4 Fedora, are any 
> updates in the pipe to address this?

I should add that in sendmail.org annoucement,
http://lwn.net/Articles/176595/, there is the following:

"However, note that those patches may not (cleanly) apply to
versions other than 8.13.5 and 8.12.11, respectively.  There are no
patches for versions before 8.12 because those outdated versions use
a different I/O layer and hence it would require a major effort to
rewrite that layer."

So, it is clear that those with older distros will have to do, if
required, a sendmail version bump.  If Sendmail, Inc. is refusing to
patch that back then surely I am not going to try.  I think that
this seriously affects only RH7.3 but it is possible to reuse there
sendmail-8.12.11-4.RHEL3.4 - likely with configuration changes in a
spec file.


   Michal

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux