[UPDATED] Fedora Legacy Test Update Notification: sendmail

Marc Deslauriers marcdeslauriers at videotron.ca
Wed Mar 29 00:39:59 UTC 2006 

These updated test packages for rh73, rh9 and fc1 fix problems with the
previous sendmail update.

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-186277
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186277
2006-03-28
---------------------------------------------------------------------

Name        : sendmail
Versions    : rh73: sendmail-8.12.11-4.22.10.legacy
Versions    : rh9: sendmail-8.12.11-4.24.3.legacy
Versions    : fc1: sendmail-8.12.11-4.25.3.legacy
Summary     : A widely used Mail Transport Agent (MTA).
Description :
The Sendmail program is a very widely used Mail Transport Agent (MTA).
MTAs send mail from one machine to another. Sendmail is not a client
program, which you use to read your email. Sendmail is a
behind-the-scenes program which actually moves your email over
networks or the Internet to where you want it to go.

---------------------------------------------------------------------
Update Information:

Updated sendmail packages that fix a flaw in the handling of asynchronous
signals are now available.

A flaw in the handling of asynchronous signals was discovered in
Sendmail. A remote attacker may be able to exploit a race condition to
execute arbitrary code as root. The Common Vulnerabilities and Exposures
project assigned the name CVE-2006-0058 to this issue.

In order to correct this issue for RHL 7.3 users, it was necessary to
upgrade the version of Sendmail from 8.11 as originally shipped to
Sendmail 8.12.11 with the addition of the security patch supplied by
Sendmail Inc. This erratum provides updated packages based on Sendmail
8.12 with a compatibility mode enabled as provided by Red Hat for
RHEL 2.1. After updating to these packages, users should pay close
attention to their sendmail logs to ensure that the upgrade completed
sucessfully.

In order to correct this issue for RHL 9 and FC1 users, it was necessary
to upgrade the version of Sendmail from 8.12.8 and 8.12.10 respectively
to 8.12.11 with the addition of the security patch supplied by Sendmail
Inc. After updating to these packages, users should pay close attention
to their sendmail logs to ensure that the upgrade completed sucessfully.

Users of Sendmail should upgrade to this updated package, which contains
a backported patch to correct this issue.

---------------------------------------------------------------------
Changelogs

rh73:
* Sat Mar 25 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
8.12.11-4.22.10.legacy
- Added hesiod-devel to BuildRequires
- Reverted to previous alternatives files
- Removed new triggers
- Modified instructions in sendmail.mc

* Wed Mar 22 2006 Jesse Keating <jkeating at j2solutions.net>
8.12.11-4.22.9.legacy
- Sourced in for RHL7.3
- Added groff buildreq
- Enable alternatives

rh9:
* Sun Mar 26 2006 Marc Deslauriers <marcdeslauriers at videotron.ca> -
8.12.11-4.24.3.legacy
- Reverted statistics file path in mc file
- Reverted CERT paths in mc file
- Don't enable statistics by default

* Sat Mar 25 2006 Marc Deslauriers <marcdeslauriers at videotron.ca> -
8.12.11-4.24.2.legacy
- Reverted statistics file to /etc/mail
- Reverted to previous alternatives files

* Wed Mar 22 2006 Jesse Keating <jkeating at redhat.com> -
8.12.11-4.24.1.legacy
- fixed VU#834865 (#186277)
- disable -fpie
- enable old_setup
- Add BuildReq gdbm-devel
- Use sasl1

fc1:
* Sun Mar 26 2006 Marc Deslauriers <marcdeslauriers at videotron.ca> -
8.12.11-4.25.3.legacy
- Reverted statistics file path in mc file
- Reverted CERT paths in mc file
- Don't enable statistics by default

* Sat Mar 25 2006 Marc Deslauriers <marcdeslauriers at videotron.ca> -
8.12.11-4.25.2.legacy
- Reverted statistics file to /etc/mail
- Reverted to previous alternatives files
- Added gdbm-devel to BuildRequires

* Wed Mar 22 2006 Jesse Keating <jkeating at redhat.com> -
8.12.11-4.25.1.legacy
- fixed VU#834865 (#186277)
- enable old_setup

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
950fc853550d93f521d4203b9f78023721fbdecd
redhat/7.3/updates-testing/i386/sendmail-8.12.11-4.22.10.legacy.i386.rpm
d8c06f3f92d7dd526426b86e52bdd244e75c061a
redhat/7.3/updates-testing/i386/sendmail-cf-8.12.11-4.22.10.legacy.i386.rpm
dde44f59a60481edae75ddf6d854341308e4ce62
redhat/7.3/updates-testing/i386/sendmail-devel-8.12.11-4.22.10.legacy.i386.rpm
faf27d20eb151227225cc4e2ac5014bb205aa350
redhat/7.3/updates-testing/i386/sendmail-doc-8.12.11-4.22.10.legacy.i386.rpm
e0b9ece564e8103a254311da19c6bc41a21c8ffc
redhat/7.3/updates-testing/SRPMS/sendmail-8.12.11-4.22.10.legacy.src.rpm

rh9:
9f1caeadce45e2922f6bc29ea0f4e7bce4e26d02
redhat/9/updates-testing/i386/sendmail-8.12.11-4.24.3.legacy.i386.rpm
6b7b437bb58ac9f805185ae992da9a157a0d755d
redhat/9/updates-testing/i386/sendmail-cf-8.12.11-4.24.3.legacy.i386.rpm
ae48cf1d3a5d8f5bfc789a408de392fe27e84b73
redhat/9/updates-testing/i386/sendmail-devel-8.12.11-4.24.3.legacy.i386.rpm
4571b20f603bf6f90558aa09107f5b2ae17e8111
redhat/9/updates-testing/i386/sendmail-doc-8.12.11-4.24.3.legacy.i386.rpm
4b4ed7d51e710a447c6a839dcf203bc4636c2f62
redhat/9/updates-testing/SRPMS/sendmail-8.12.11-4.24.3.legacy.src.rpm

fc1:
3f6edb4bdcd42cca1f01fce9482d3ac10b56f530
fedora/1/updates-testing/i386/sendmail-8.12.11-4.25.3.legacy.i386.rpm
7aaa9743d312b7ebc95baa83e186acaa267f6915
fedora/1/updates-testing/i386/sendmail-cf-8.12.11-4.25.3.legacy.i386.rpm
dfabadaa764d471b2c5963547643ca4bbe5ca0e7
fedora/1/updates-testing/i386/sendmail-devel-8.12.11-4.25.3.legacy.i386.rpm
121433ec0c71a163993cf2a94f33fa67df786b11
fedora/1/updates-testing/i386/sendmail-doc-8.12.11-4.25.3.legacy.i386.rpm
d41f7652ea88a068e21c7f68bb018b8462695754
fedora/1/updates-testing/SRPMS/sendmail-8.12.11-4.25.3.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20060328/d1ae9e84/attachment.sig>

More information about the fedora-legacy-list mailing list