Re: [Updated] [FLSA-2006:186277] Updated sendmail packages fix security issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Adam Gibson wrote:
One thing I noticed after the latest yum update of sendmail from the previous update is that alternatives is broken for /etc/pam.d/smtp for the sendmail package. Sendmail used to create /etc/pam.d/smtp.sendmail which alternatives would create a symlink at /etc/pam.d/smtp to eventually point to the current configured smtp pam config (/etc/pam.d/smtp.sendmail for sendmail).

a yum update showed this:
warning: /etc/pam.d/smtp created as /etc/pam.d/smtp.rpmnew

# ls -al /etc/pam.d/smtp*
lrwxrwxrwx 1 root root 25 Mar 28 12:48 /etc/pam.d/smtp -> /etc/alternatives/mta-pam
-rw-r--r--    1 root     root          116 Mar 26 22:37 smtp.rpmnew

# ls -al /etc/alternatives/mta-pam
lrwxrwxrwx 1 root root 24 Mar 28 12:48 /etc/alternatives/mta-pam -> /etc/pam.d/smtp.sendmail

smtp.sendmail no longer exists. It appears to just be directly smtp now which was stored as smtp.rpmnew because the symlink created by alternatives was at /etc/pam.d/smtp. Issuing an alternatives --config mta will just setup /etc/pam.d/smtp to eventually point to /etc/pam.d/smtp.sendmail again which does not exist.

This is incorrect. I moved smtp.rpmnew to smtp and alternatives does not do anything with the /etc/pam.d/smtp. I mistakenly thought it did the first time but it was just leftover from the previous sendmail package. Moving /etc/pam.d/smtp.rpmnew to /etc/pam.d/smtp fixes the problem.

So basically it boils down to alternatives with the newer sendmail updates do not do anything with /etc/pam.d/smtp anymore(It is part of the packages itself and not a symlink). The problem I had is that the old symlink was in the way when sendmail was updated.

I wonder if other MTAs expect /etc/pam.d/smtp to still be a symlink. If you do an alternatives for postfix or some other mta will it overwrite /etc/pam.d/smtp? If so that could be a problem if you switch back.


Moving /etc/pam.d/smtp.rpmnew to /etc/pam.d/smtp.sendmail fixes the problem for me.

I do not know what the ramifications are of having a broken symlink to /etc/pam.d/smtp but it must be used for something.

Marc Deslauriers wrote:
---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated sendmail packages fix security issue
Advisory ID:       FLSA:186277
Issue date:        2006-04-04
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix, Security
CVE Names:         CVE-2006-0058
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated sendmail packages that fix a security issue are now
available.

The sendmail package provides a widely used Mail Transport Agent (MTA).

[Updated 4th April 2006]
Red Hat Linux 7.3, Red Hat Linux 9, and Fedora Core 1 packages have been
updated to correct numerous problems with the previously released
updates.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64


--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux