[slackware-security]  Sendmail buffer overflow fixed

The sendmail packages in Slackware 8.1 and -current have been patched to fix
a security problem.  All sites running sendmail should upgrade.  

More information on the problem can be found here:
 
Sendmail Open Source - Open Source Email Server | Proofpoint US

Here are the details from the Slackware 8.1 ChangeLog:
+--------------------------+
Mon Mar  3 10:29:01 PST 2003
patches/packages/sendmail-8.12.8-i386-1.tgz:  Upgraded to sendmail-8.12.8.
  From sendmail's RELNOTES:
    SECURITY: Fix a remote buffer overflow in header parsing by dropping sender
    and recipient header comments if the comments are too long.  Problem noted
    by Mark Dowd of ISS X-Force.
  (* Security fix *)
patches/packages/sendmail-cf-8.12.8-noarch-1.tgz:  Updated config files for
  sendmail-8.12.8.
+--------------------------+



WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated packages for Slackware 8.1: 
  
 

Updated packages for Slackware -current: 
  
 



MD5 SIGNATURES:
+-------------+

Here are the md5sums for the packages:

Slackware 8.1 packages:
c2c72b982d91d9ca0f59ab2afdf337f2  sendmail-8.12.8-i386-1.tgz
0b8e338169dca7487dd042ba070120d1  sendmail-cf-8.12.8-noarch-1.tgz

Slackware -current packages:
a9db559cd852164577f26efff1e9b36d  sendmail-8.12.8-i386-1.tgz
0141c1f40e1efd148f9ccd1d5a09e7f0  sendmail-cf-8.12.8-noarch-1.tgz



INSTALLATION INSTRUCTIONS:
+------------------------+

As root, upgrade the sendmail package(s) with upgradepkg:

upgradepkg sendmail-*.tgz

Then, restart sendmail:

/etc/rc.d/rc.sendmail restart



+-----+

Slackware Linux Security Team 
slackware
security@slackware.com

+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+

Slackware: sendmail remote exploit

March 4, 2003
A remote vulnerability exists that can result in commands can be executed with administrative privileges.

Summary

Here are the details from the Slackware 8.1 ChangeLog: Mon Mar 3 10:29:01 PST 2003 patches/packages/sendmail-8.12.8-i386-1.tgz: Upgraded to sendmail-8.12.8. From sendmail's RELNOTES: SECURITY: Fix a remote buffer overflow in header parsing by dropping sender and recipient header comments if the comments are too long. Problem noted by Mark Dowd of ISS X-Force. (* Security fix *) patches/packages/sendmail-cf-8.12.8-noarch-1.tgz: Updated config files for sendmail-8.12.8. WHERE TO FIND THE NEW PACKAGES: Updated packages for Slackware 8.1: Updated packages for Slackware -current: MD5 SIGNATURES: Here are the md5sums for the packages: Slackware 8.1 packages: c2c72b982d91d9ca0f59ab2afdf337f2 sendmail-8.12.8-i386-1.tgz 0b8e338169dca7487dd042ba070120d1 sendmail-cf-8.12.8-noarch-1.tgz Slackware -current packages: a9db559cd852164577f26efff1e9b36d sendmail-8.12.8-i386-1.tgz 0141c1f40e1efd148f9ccd1d5a09e7f0 sendmail-cf-8.12.8-noarch-1.tgz INSTA...

Where Find New Packages

MD5 Signatures

Severity
[slackware-security] Sendmail buffer overflow fixed
The sendmail packages in Slackware 8.1 and -current have been patched to fix a security problem. All sites running sendmail should upgrade.
More information on the problem can be found here: Sendmail Open Source - Open Source Email Server | Proofpoint US

Installation Instructions

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved