Slackware: sendmail multiple vulnerabilities
Summary
Here are the details from the Slackware 9.0 ChangeLog:

Wed Sep 17 10:10:26 PDT 2003
patches/packages/sendmail-8.12.10-i386-1.tgz: Upgraded to sendmail-8.12.10. This fixes security issues as noted in Sendmail's RELEASE_NOTES:

    "SECURITY: Fix a buffer overflow in address parsing. Problem detected by Michal Zalewski, patch from Todd C. Miller of Courtesan Consulting.

    Fix a potential buffer overflow in ruleset parsing. This problem is not exploitable in the default sendmail configuration; only if non-standard rulesets recipient (2), final (4), or mailer-specific envelope recipients rulesets are used then a problem may occur. Problem noted by Timo Sirainen."

We recommend that sites running Sendmail upgrade immediately.
(* Security fix *)
patches/packages/sendmail-cf-8.12.10-noarch-1.tgz: Upgraded to config files for sendmail-8.12.10.

Where to Find the New Packages

Updated packages for Slackware 8.1:

Updated packages for Slackware 9.0:

Updated packages for Slackware -current:

MD5 Signatures

Slackware 8.1 packages:
c54d3aa8407689e6f3ee5b491f063750 sendmail-8.12.10-i386-1.tgz
3d823ecb0efb5f7d7175bc913b9071df sendmail-cf-8.12.10-noarch-1.tgz

Slackware 9.0 packages:
49215a19acf21555ccbf64f7c84aefe2 sendmail-8.12.10-i386-1.tgz
524df4f7a5a0d54458274aeefc0288bb sendmail-cf-8.12.10-noarch-1.tgz

Slackware -current packages:
c044dbbc9445db1e6f830aa370afdcea sendmail-8.12.10-i486-1.tgz
e9603e09aa8ffadf93cda54e5e3f8833 sendmail-cf-8.12.10-noarch-1.tgz

Installation Instructions

First (as root), stop sendmail:

    . /etc/rc.d/rc.sendmail stop

Next, upgrade the sendmail package(s) with upgradepkg:

    upgradepkg sendmail-*.tgz

Finally, restart sendmail:

    . /etc/rc.d/rc.sendmail start

Slackware Linux Security Team
slackware security@slackware.com
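An added example, not part of the Slackware advisory: a shell wrapper that checks downloaded packages against a manifest in the advisory's "<md5> <filename>" layout and runs the stop / upgradepkg / start sequence only if every file matches. The function names and the manifest file are assumptions; MD5 catches a corrupted or swapped download but is not collision-resistant.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not Slackware tooling).
# Manifest format: one "<md5>  <filename>" pair per line, as in the
# advisory's MD5 list for the Slackware release being patched.

# verify_pkgs MANIFEST DIR
# Returns 0 only if the manifest lists at least one package and every
# listed file exists in DIR with a matching MD5.
verify_pkgs() {
    manifest=$1 dir=$2 checked=0 bad=0
    while read -r want name; do
        [ -n "$want" ] || continue                  # skip blank lines
        case $name in
            */*) echo "REJECT   path in manifest: $name" >&2; bad=1; continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2; bad=1; continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (got $got)" >&2; bad=1
        fi
        checked=$((checked + 1))
    done < "$manifest"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# upgrade_sendmail MANIFEST DIR
# Run as root on the Slackware host. Upgrades only the files named in
# the manifest, so an unverified sendmail-*.tgz lying in DIR is ignored.
# The rc script is run with sh here instead of being sourced.
upgrade_sendmail() {
    verify_pkgs "$1" "$2" || {
        echo "verification failed; sendmail left untouched" >&2
        return 1
    }
    sh /etc/rc.d/rc.sendmail stop
    while read -r sum name; do
        [ -n "$name" ] && upgradepkg "$2/$name"
    done < "$1"
    sh /etc/rc.d/rc.sendmail start
}
```

Save the two MD5 lines for your Slackware release to a file and call `upgrade_sendmail manifest.md5 /path/to/downloads`.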