US-CERT Technical Cyber Security Alert TA06-081A -- Sendmail Race Condition Vulnerability (fwd)
Michal Jaegermann
michal at harddata.com
Thu Mar 23 01:46:53 UTC 2006
On Wed, Mar 22, 2006 at 10:29:27AM -0800, Kenneth Porter wrote:
>
> For those of us accepting mail from outside on pre-FC4 Fedora, are any
> updates in the pipe to address this?
I should add that in the sendmail.org announcement,
http://lwn.net/Articles/176595/, there is the following:
"However, note that those patches may not (cleanly) apply to
versions other than 8.13.5 and 8.12.11, respectively. There are no
patches for versions before 8.12 because those outdated versions use
a different I/O layer and hence it would require a major effort to
rewrite that layer."
So, it is clear that those with older distros will have to do, if
required, a sendmail version bump. If Sendmail, Inc. is refusing to
patch that back then surely I am not going to try. I think that
this seriously affects only RH7.3 but it is possible to reuse there
sendmail-8.12.11-4.RHEL3.4 - likely with configuration changes in a
spec file.
Michal