[Updated] [FLSA-2006:186277] Updated sendmail packages fix security issue

Adam Gibson agibson at ptm.com
Wed Apr 5 16:50:13 UTC 2006 

One thing I noticed after the latest yum update of sendmail from the 
previous update is that alternatives is broken for /etc/pam.d/smtp for 
the sendmail package.  Sendmail used to create /etc/pam.d/smtp.sendmail 
which alternatives would create a symlink at /etc/pam.d/smtp to 
eventually point to the current configured smtp pam config 
(/etc/pam.d/smtp.sendmail for sendmail).

a yum update showed this:
warning: /etc/pam.d/smtp created as /etc/pam.d/smtp.rpmnew

# ls -al /etc/pam.d/smtp*
lrwxrwxrwx    1 root     root           25 Mar 28 12:48 /etc/pam.d/smtp 
-> /etc/alternatives/mta-pam
-rw-r--r--    1 root     root          116 Mar 26 22:37 smtp.rpmnew

# ls -al /etc/alternatives/mta-pam
lrwxrwxrwx    1 root     root           24 Mar 28 12:48 
/etc/alternatives/mta-pam -> /etc/pam.d/smtp.sendmail

smtp.sendmail no longer exists. It appears to just be directly smtp now 
which was stored as smtp.rpmnew because the symlink created by 
alternatives was at /etc/pam.d/smtp.  Issuing an alternatives --config 
mta will just setup /etc/pam.d/smtp to eventually point to 
/etc/pam.d/smtp.sendmail again which does not exist.

Moving /etc/pam.d/smtp.rpmnew to /etc/pam.d/smtp.sendmail fixes the 
problem for me.

I do not know what the ramifications are of having a broken symlink to 
/etc/pam.d/smtp but it must be used for something.

Marc Deslauriers wrote:
> ---------------------------------------------------------------------
>                Fedora Legacy Update Advisory
> 
> Synopsis:          Updated sendmail packages fix security issue
> Advisory ID:       FLSA:186277
> Issue date:        2006-04-04
> Product:           Red Hat Linux, Fedora Core
> Keywords:          Bugfix, Security
> CVE Names:         CVE-2006-0058
> ---------------------------------------------------------------------
> 
> ---------------------------------------------------------------------
> 1. Topic:
> 
> Updated sendmail packages that fix a security issue are now
> available.
> 
> The sendmail package provides a widely used Mail Transport Agent (MTA).
> 
> [Updated 4th April 2006]
> Red Hat Linux 7.3, Red Hat Linux 9, and Fedora Core 1 packages have been
> updated to correct numerous problems with the previously released
> updates.
> 
> 2. Relevant releases/architectures:
> 
> Red Hat Linux 7.3 - i386
> Red Hat Linux 9 - i386
> Fedora Core 1 - i386
> Fedora Core 2 - i386
> Fedora Core 3 - i386, x86_64
>

More information about the fedora-legacy-list mailing list