Slackware: sendmail remote exploit
Summary
Here are the details from the Slackware 8.1 ChangeLog: Mon Mar 3 10:29:01 PST 2003 patches/packages/sendmail-8.12.8-i386-1.tgz: Upgraded to sendmail-8.12.8. From sendmail's RELNOTES: SECURITY: Fix a remote buffer overflow in header parsing by dropping sender and recipient header comments if the comments are too long. Problem noted by Mark Dowd of ISS X-Force. (* Security fix *) patches/packages/sendmail-cf-8.12.8-noarch-1.tgz: Updated config files for sendmail-8.12.8. WHERE TO FIND THE NEW PACKAGES: Updated packages for Slackware 8.1: Updated packages for Slackware -current: MD5 SIGNATURES: Here are the md5sums for the packages: Slackware 8.1 packages: c2c72b982d91d9ca0f59ab2afdf337f2 sendmail-8.12.8-i386-1.tgz 0b8e338169dca7487dd042ba070120d1 sendmail-cf-8.12.8-noarch-1.tgz Slackware -current packages: a9db559cd852164577f26efff1e9b36d sendmail-8.12.8-i386-1.tgz 0141c1f40e1efd148f9ccd1d5a09e7f0 sendmail-cf-8.12.8-noarch-1.tgz INSTALLATION INSTRUCTIONS: As root, upgrade the sendmail package(s) with upgradepkg: upgradepkg sendmail-*.tgz Then, restart sendmail: /etc/rc.d/rc.sendmail restart Slackware Linux Security Team slackware security@slackware.com | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! |
Where Find New Packages
MD5 Signatures
Installation Instructions