[slackware-security] Sendmail buffer overflow fixed (NEW) The sendmail packages in Slackware 8.0, 8.1, and 9.0 have been patched to fix a security problem. Note that this vulnerablity is NOT the same one that was announced on March 3rd and requires a new fix. All sites running sendmail should upgrade. More information on the problem can be found here: Sendmail Open Source - Open Source Email Server | Proofpoint US Here are the details from the Slackware 9.0 ChangeLog: +--------------------------+ Sat Mar 29 13:46:36 PST 2003 patches/packages/sendmail-8.12.9-i386-1.tgz: Upgraded to sendmail-8.12.9. From sendmail's RELEASE_NOTES: 8.12.9/8.12.9 2003/03/29 SECURITY: Fix a buffer overflow in address parsing due to a char to int conversion problem which is potentially remotely exploitable. Problem found by Michal Zalewski. Note: an MTA that is not patched might be vulnerable to data that it receives from untrusted sources, which includes DNS. (* Security fix *) patches/packages/sendmail-cf-8.12.9-noarch-1.tgz: Updated config files for sendmail-8.12.9. +--------------------------+ WHERE TO FIND THE NEW PACKAGES: +-----------------------------+ Updated packages for Slackware 8.0: Updated packages for Slackware 8.1: Updated packages for Slackware 9.0: MD5 SIGNATURES: +-------------+ Here are the md5sums for the packages: Slackware 8.0 packages: c29c3063313534bee8db13c5afcd1abc sendmail.tgz 1b3be9b45f0d078e1053b80069538ca7 smailcfg.tgz Slackware 8.1 packages: b1b538ae7685ce8a09514b51f8802614 sendmail-8.12.9-i386-1.tgz 628b61a20f4529b514060620e5e601e7 sendmail-cf-8.12.9-noarch-1.tgz Slackware 9.0 packages: 5f4f92f933961b6e652d294cd76da426 sendmail-8.12.9-i386-1.tgz 45b217e09d5ff2d0e1b7b12a389c86ec sendmail-cf-8.12.9-noarch-1.tgz INSTALLATION INSTRUCTIONS: +------------------------+ First (as root), stop sendmail: . /etc/rc.d/rc.sendmail stop Next, upgrade the sendmail package(s) with upgradepkg: upgradepkg sendmail-*.tgz Finally, restart sendmail: . /etc/rc.d/rc.sendmail start +-----+ Slackware Linux Security Team slackware security@slackware.com +------------------------------------------------------------------------+ | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! | +------------------------------------------------------------------------+
Slackware: sendmail Buffer overflow vulnerability
March 30, 2003
The sendmail packages in Slackware 8.0, 8.1, and 9.0 have been patchedto fix a security problem
Summary
Here are the details from the Slackware 9.0 ChangeLog: Sat Mar 29 13:46:36 PST 2003 patches/packages/sendmail-8.12.9-i386-1.tgz: Upgraded to sendmail-8.12.9. From sendmail's RELEASE_NOTES: 8.12.9/8.12.9 2003/03/29 SECURITY: Fix a buffer overflow in address parsing due to a char to int conversion problem which is potentially remotely exploitable. Problem found by Michal Zalewski. Note: an MTA that is not patched might be vulnerable to data that it receives from untrusted sources, which includes DNS. (* Security fix *) patches/packages/sendmail-cf-8.12.9-noarch-1.tgz: Updated config files for sendmail-8.12.9. WHERE TO FIND THE NEW PACKAGES: Updated packages for Slackware 8.0: Updated packages for Slackware 8.1: Updated packages for Slackware 9.0: MD5 SIGNATURES: Here are the md5sums for the packages: Slackware 8.0 packages: c29c3063313534bee8db13c5afcd1abc sendmail.tgz 1b3be9b45f0d078e1053b80069538ca7 smailcfg.tgz Slackware 8.1 packages: b1b538ae7685ce8a09514b51f8802614 sendmail-8.12.9-i386-1.tgz 628b61a20f4529b514060620e5e601e7 sendmail-cf-8.12.9-noarch-1.tgz Slackware 9.0 packages: 5f4f92f933961b6e652d294cd76da426 sendmail-8.12.9-i386-1.tgz 45b217e09d5ff2d0e1b7b12a389c86ec sendmail-cf-8.12.9-noarch-1.tgz INSTALLATION INSTRUCTIONS: First (as root), stop sendmail: . /etc/rc.d/rc.sendmail stop Next, upgrade the sendmail package(s) with upgradepkg: upgradepkg sendmail-*.tgz Finally, restart sendmail: . /etc/rc.d/rc.sendmail start Slackware Linux Security Team slackware security@slackware.com | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! |
Where Find New Packages
MD5 Signatures
Severity
[slackware-security] Sendmail buffer overflow fixed (NEW)
The sendmail packages in Slackware 8.0, 8.1, and 9.0 have been patched to fix a security problem. Note that this vulnerablity is NOT the same one that was announced on March 3rd and requires a new fix.
All sites running sendmail should upgrade.
More information on the problem can be found here: Sendmail Open Source - Open Source Email Server | Proofpoint US
Installation Instructions
News
HOWTOs
About Us
Powered By
