On Thursday 23 March 2006 02:50, Jesse Keating wrote: >--------------------------------------------------------------------- >Fedora Legacy Test Update Notification >FEDORALEGACY-2006-186277 >Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186277 >2006-03-22 >--------------------------------------------------------------------- > >Name : sendmail >Versions : rh73: sendmail-8.12.11-4.22.9.legacy What line in the /etc/yum.conf on my rh7.3 firewall box do I need to access this fix, yum is telling me its installed and current. But rpm says its sendmail-8.11.6-27.73, a bit long in the tooth don't you think? >Versions : rh9: sendmail-8.12.11-4.24.1.legacy >Versions : fc1: sendmail-8.12.11-4.25.1.legacy >Versions : fc2: sendmail-8.12.11-4.26.legacy >Versions : fc3: sendmail-8.13.1-3.legacy >Summary : A widely used Mail Transport Agent (MTA). >Description : >The Sendmail program is a very widely used Mail Transport Agent (MTA). >MTAs send mail from one machine to another. Sendmail is not a client >program, which you use to read your email. Sendmail is a >behind-the-scenes program which actually moves your email over >networks or the Internet to where you want it to go. > >If you ever need to reconfigure Sendmail, you will also need to have >the sendmail.cf package installed. If you need documentation on >Sendmail, you can install the sendmail-doc package. > >--------------------------------------------------------------------- >Update Information: > >An updated tar package that fixes a flaw in the handling of > asynchronous signals. > >A flaw in the handling of asynchronous signals was discovered in > Sendmail. A remote attacker may be able to exploit a race condition > to execute arbitrary code as root. The Common Vulnerabilities and > Exposures project assigned the name CVE-2006-0058 to this issue. > >By default on Red Hat Enterprise Linux 2.1 and later, Sendmail is > configured to only accept connections from the local host. Therefore > only users who have configured Sendmail to listen to remote hosts > would be able to be remotely exploited by this vulnerability. > >In order to correct this issue for RHL 7.3 users, it was necessary to > upgrade the version of Sendmail from 8.11 as originally shipped to > Sendmail 8.12.11 with the addition of the security patch supplied by > Sendmail Inc. This erratum provides updated packages based on > Sendmail 8.12 with a compatibility mode enabled as provided by Red > Hat for RHEL 2.1. After updating to these packages, users should pay > close attention to their sendmail logs to ensure that the upgrade > completed sucessfully. > >In order to correct this issue for RHL 9 and FC1 users, it was > necessary to upgrade the version of Sendmail from 8.12.8 and 8.12.10 > respectively to 8.12.11 with the addition of the security patch > supplied by Sendmail Inc. After updating to these packages, users > should pay close attention to their sendmail logs to ensure that the > upgrade completed sucessfully. > >For Fedora Core 3 users, the patch supplied by Sendmail Inc. applies > cleanly to the latest sendmail package previously released for Fedora > Core 3. > >Users of Sendmail should upgrade to this updated package, which > contains a replacement backported patch to correct this issue. > >--------------------------------------------------------------------- >Changelogs > >rh73: >* Wed Mar 22 2006 Jesse Keating <jkeating@xxxxxxxxxxxxxxx> >8.12.11-4.22.9.legacy >- Sourced in for RHL7.3 >- Added groff buildreq > > >rh9: >* Wed Mar 22 2006 Jesse Keating <jkeating@xxxxxxxxxx> - > 8.12.11-4.24.1.legacy - fixed VU#834865 (#186277) >- disable -fpie >- enable old_setup >- Add BuildReq gdbm-devel >- Use sasl1 > > >fc1: >* Wed Mar 22 2006 Jesse Keating <jkeating@xxxxxxxxxx> - > 8.12.11-4.25.1.legacy - fixed VU#834865 (#186277) >- enable old_setup > >fc2: >* Wed Mar 22 2006 Jesse Keating <jkeating@xxxxxxxxxx> - > 8.12.11-4.26.legacy - fixed VU#834865 (#186277) > >fc3: >* Wed Mar 22 2006 Jesse Keating <jkeating@xxxxxxxxxxxxxxx> > 8.13.1-3.legacy - fixed VU#834865 (#186277) > >--------------------------------------------------------------------- >This update can be downloaded from: > http://download.fedoralegacy.org/ >(sha1sums) > >rh73: >d9c001d8a34f11f528ff6be2a9f8dd15818caf40 >redhat/7.3/updates-testing/SRPMS/sendmail-8.12.11-4.22.9.legacy.src.rp >m 80f02c886b020e6d6ef17389c22c8b530fb05a48 >redhat/7.3/updates-testing/i386/sendmail-8.12.11-4.22.9.legacy.i386.rp >m 285816881a55fe4b8a74fee48205c8ceedaee5e5 >redhat/7.3/updates-testing/i386/sendmail-cf-8.12.11-4.22.9.legacy.i386 >.rpm b4154a342e7747d980b7acaf352649ddc1dcc40d >redhat/7.3/updates-testing/i386/sendmail-devel-8.12.11-4.22.9.legacy.i >386.rpm 81a36048a12cc5c08a8e93490dde6817c402ae54 >redhat/7.3/updates-testing/i386/sendmail-doc-8.12.11-4.22.9.legacy.i38 >6.rpm > > >rh9: >272bbff91a52692991f6f0fd434a27fda1c92057 >redhat/9/updates-testing/SRPMS/sendmail-8.12.11-4.24.1.legacy.src.rpm >683d48df1c5aabb1e9768d4bfb37036d0d7ff7c6 >redhat/9/updates-testing/i386/sendmail-8.12.11-4.24.1.legacy.i386.rpm >a6e967294f6cbe9f623e5626e20e33fbbc410f68 >redhat/9/updates-testing/i386/sendmail-cf-8.12.11-4.24.1.legacy.i386.r >pm da996e582bb27144c7c26050e0ba51ce7cb727d7 >redhat/9/updates-testing/i386/sendmail-devel-8.12.11-4.24.1.legacy.i38 >6.rpm 8d03dc1dd178543cb9d9050198774b599967bfcd >redhat/9/updates-testing/i386/sendmail-doc-8.12.11-4.24.1.legacy.i386. >rpm > > >fc1: >c33698f4e499d477d9712de3d6061825348a294f >fedora/1/updates-testing/SRPMS/sendmail-8.12.11-4.25.1.legacy.src.rpm >df880ab03eaeb2f82be81bee96c28392984a4b86 >fedora/1/updates-testing/i386/sendmail-8.12.11-4.25.1.legacy.i386.rpm >729bcaeb1269b65728f014bbbedb5c1a54a5158e >fedora/1/updates-testing/i386/sendmail-cf-8.12.11-4.25.1.legacy.i386.r >pm 256ff91b67ecc7680a5f2fb97b3b32142bb80d18 >fedora/1/updates-testing/i386/sendmail-devel-8.12.11-4.25.1.legacy.i38 >6.rpm 65725c811c4c7eede9f88c006a13c15e458d353f >fedora/1/updates-testing/i386/sendmail-doc-8.12.11-4.25.1.legacy.i386. >rpm > > >fc2: >65086d18cb29e02b57ce07b6abf79ba378ae1c3c >fedora/2/updates-testing/SRPMS/sendmail-8.12.11-4.26.legacy.src.rpm >7e44b02696338832e2dfc0057aeb58c98511d0d2 >fedora/2/updates-testing/i386/sendmail-8.12.11-4.26.legacy.i386.rpm >d159f0c92bd530799b75341d18b5b2cbe5aa5a0a >fedora/2/updates-testing/i386/sendmail-cf-8.12.11-4.26.legacy.i386.rpm >8421bfb2eb2f2b3fddb35e905fdcfecd0fb8088c >fedora/2/updates-testing/i386/sendmail-devel-8.12.11-4.26.legacy.i386. >rpm b659d2733afa3d6f4df840a395c6eae3a5c07d50 >fedora/2/updates-testing/i386/sendmail-doc-8.12.11-4.26.legacy.i386.rp >m > >fc3: >fbfba64eac81e57ae098f967b7d3bf4e47e04c87 >fedora/3/updates-testing/SRPMS/sendmail-8.13.1-3.legacy.src.rpm >6cc0f44ad32c0eb62801331bf8bfa41625b61031 >fedora/3/updates-testing/i386/sendmail-8.13.1-3.legacy.i386.rpm >04bd02d3f731eb985d6e8b9fde7ee3ddc5bdccfe >fedora/3/updates-testing/i386/sendmail-cf-8.13.1-3.legacy.i386.rpm >97f173fa48f847feb5051bc2cb4686f53e3895ac >fedora/3/updates-testing/i386/sendmail-devel-8.13.1-3.legacy.i386.rpm >298c0908052efdbc671dda1f22f025f96a10d770 >fedora/3/updates-testing/i386/sendmail-doc-8.13.1-3.legacy.i386.rpm >162a1e21ac33e5a9072f7cb9934d17523d8160f6 >fedora/3/updates-testing/x86_64/sendmail-8.13.1-3.legacy.x86_64.rpm >939de41400340905ec0b378b501e5d1b8b41e545 >fedora/3/updates-testing/x86_64/sendmail-cf-8.13.1-3.legacy.x86_64.rpm >c09947143c351f575737036599c23c542404d82e >fedora/3/updates-testing/x86_64/sendmail-devel-8.13.1-3.legacy.x86_64. >rpm bd1b9553b49e5c2631a40f68461472b1671f9beb >fedora/3/updates-testing/x86_64/sendmail-doc-8.13.1-3.legacy.x86_64.rp >m > >--------------------------------------------------------------------- > >Please test and comment in bugzilla. -- Cheers, Gene People having trouble with vz bouncing email to me should add the word 'online' between the 'verizon', and the dot which bypasses vz's stupid bounce rules. I do use spamassassin too. :-) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2006 by Maurice Eugene Heskett, all rights reserved. -- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
