At 07:44 PM 9/18/2006, Scott Silva wrote:
> Alexander Dalloz spake the following on 9/18/2006 4:14 PM:
>> Scott Silva wrote:
>>
>>> Has anybody else been seeing a lot of sendmail segfaults since yesterday?
>>> I got over 2300 yesterday alone, and haven't got done counting today's.
>>>
>> You are maybe target of an attack using a known vulnerability of
>> Sendmail < 8.13.8.
>>
>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4434
>>
>> Alexander
>
> Is there a good repo with a newer sendmail than in CentOS 4.4?

Note that RedHat has been back-porting patches into sendmail 8.12.x rather than supplying 8.13.x as a bug fix. As a result, the patched 8.12.x might not be vulnerable to issues despite CVE statements that all versions before X are vulnerable. That said, I haven't looked to see if RedHat has indeed patched up sendmail to deal with this particular vulnerability.
This also points out one of my concerns with the RHEL distribution (we have lots of copies we pay RH for, and a few we use CentOS for). For some packages, we'd REALLY like a choice of staying on the present train, or moving forward. In our case, sendmail-8.13 would be useful, and php-5.x would be useful. If there were the possibility of getting those -- including bug fixes for security updates via normal patch installation methods -- we would be much happier.
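Whether a vendor build carries a backported fix can be checked from the package changelog instead of the upstream version number. The following is an added example, not part of the original thread: the function names and the sample changelog (with the placeholder id CVE-0000-0001) are constructed for illustration, and `rpm -q --changelog` is the standard RPM query.

```shell
#!/bin/sh
# Added example (not from the thread): look for a CVE id in an RPM
# changelog, because a backported build keeps its old upstream version.

# cve_in_changelog CVE-ID
# Reads changelog text on stdin. Prints the header of every changelog
# entry that mentions the CVE id; returns 0 if found, 1 otherwise.
cve_in_changelog() {
    awk -v cve="$1" '
        /^\* / { header = $0; next }      # "* date packager version" line
        index($0, cve) {
            if (header != last) { print header; last = header }
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# check_package PKG CVE-ID
# Runs the same check against a package installed on an RPM-based host.
check_package() {
    rpm -q --changelog "$1" | cve_in_changelog "$2"
}

# Constructed sample changelog; names, versions and the CVE id are
# placeholders, not real package history.
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2001 Example Packager <packager@example.invalid> 8.12.0-1.constructed
- backport fix for CVE-0000-0001 (constructed entry)

* Sun Dec 31 2000 Example Packager <packager@example.invalid> 8.12.0-0.constructed
- initial build
EOF
}
```

On an RPM host, `check_package sendmail CVE-2006-4434` prints the changelog entries that mention the id. A non-zero exit only means the changelog does not name it, so the vendor's advisory for that package is the next place to look.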