Slackware alert: Sendmail buffer overflow fixed (NEW)

Posted by dave on Mar 29, 2003 2:40 PM EDT
Mailing list
Mail this story
Print this story

The sendmail packages in Slackware 8.0, 8.1, and 9.0 have been patched to fix a security problem. Note that this vulnerablity is NOT the same one that was announced on March 3rd and requires a new fix.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] Sendmail buffer overflow fixed (NEW)

The sendmail packages in Slackware 8.0, 8.1, and 9.0 have been patched to fix a security problem. Note that this vulnerablity is NOT the same one that was announced on March 3rd and requires a new fix.

All sites running sendmail should upgrade.

More information on the problem can be found here:

http://www.sendmail.org/8.12.9.html

Here are the details from the Slackware 9.0 ChangeLog: +--------------------------+ Sat Mar 29 13:46:36 PST 2003 patches/packages/sendmail-8.12.9-i386-1.tgz: Upgraded to sendmail-8.12.9. From sendmail's RELEASE_NOTES: 8.12.9/8.12.9 2003/03/29 SECURITY: Fix a buffer overflow in address parsing due to a char to int conversion problem which is potentially remotely exploitable. Problem found by Michal Zalewski. Note: an MTA that is not patched might be vulnerable to data that it receives from untrusted sources, which includes DNS. (* Security fix *) patches/packages/sendmail-cf-8.12.9-noarch-1.tgz: Updated config files for sendmail-8.12.9. +--------------------------+



WHERE TO FIND THE NEW PACKAGES: +-----------------------------+

Updated packages for Slackware 8.0: ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/sendmail.tgz ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/smailcfg.tgz

Updated packages for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-8.12.9-i386-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-cf-8.12.9-noarch-1.tgz

Updated packages for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sendmail-8.12.9-i386-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sendmail-cf-8.12.9-noarch-1.tgz



MD5 SIGNATURES: +-------------+

Here are the md5sums for the packages:

Slackware 8.0 packages: c29c3063313534bee8db13c5afcd1abc sendmail.tgz 1b3be9b45f0d078e1053b80069538ca7 smailcfg.tgz

Slackware 8.1 packages: b1b538ae7685ce8a09514b51f8802614 sendmail-8.12.9-i386-1.tgz 628b61a20f4529b514060620e5e601e7 sendmail-cf-8.12.9-noarch-1.tgz

Slackware 9.0 packages: 5f4f92f933961b6e652d294cd76da426 sendmail-8.12.9-i386-1.tgz 45b217e09d5ff2d0e1b7b12a389c86ec sendmail-cf-8.12.9-noarch-1.tgz



INSTALLATION INSTRUCTIONS: +------------------------+

First (as root), stop sendmail:

. /etc/rc.d/rc.sendmail stop

Next, upgrade the sendmail package(s) with upgradepkg:

upgradepkg sendmail-*.tgz

Finally, restart sendmail:

. /etc/rc.d/rc.sendmail start



+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! | +------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+hi4iakRjwEAQIjMRAlYYAJ0SkisbelIwisnAjLcmCBaQC728LACgiu/Q ftW/49T80bCUapwtL/VzTd4= =yPYH -----END PGP SIGNATURE-----

  Nav
» Read more about: Story Type: Security; Groups: Slackware

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.