[slackware-security]  Sendmail buffer overflow fixed

The sendmail packages in Slackware 8.1 and -current have been patched to fix
a security problem.  All sites running sendmail should upgrade.  

More information on the problem can be found here:
 
Sendmail Open Source - Open Source Email Server | Proofpoint US

Here are the details from the Slackware 8.1 ChangeLog:
+--------------------------+
Mon Mar  3 10:29:01 PST 2003
patches/packages/sendmail-8.12.8-i386-1.tgz:  Upgraded to sendmail-8.12.8.
  From sendmail's RELNOTES:
    SECURITY: Fix a remote buffer overflow in header parsing by dropping sender
    and recipient header comments if the comments are too long.  Problem noted
    by Mark Dowd of ISS X-Force.
  (* Security fix *)
patches/packages/sendmail-cf-8.12.8-noarch-1.tgz:  Updated config files for
  sendmail-8.12.8.
+--------------------------+



WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated packages for Slackware 8.1: 
  
 

Updated packages for Slackware -current: 
  
 



MD5 SIGNATURES:
+-------------+

Here are the md5sums for the packages:

Slackware 8.1 packages:
c2c72b982d91d9ca0f59ab2afdf337f2  sendmail-8.12.8-i386-1.tgz
0b8e338169dca7487dd042ba070120d1  sendmail-cf-8.12.8-noarch-1.tgz

Slackware -current packages:
a9db559cd852164577f26efff1e9b36d  sendmail-8.12.8-i386-1.tgz
0141c1f40e1efd148f9ccd1d5a09e7f0  sendmail-cf-8.12.8-noarch-1.tgz



INSTALLATION INSTRUCTIONS:
+------------------------+

As root, upgrade the sendmail package(s) with upgradepkg:

upgradepkg sendmail-*.tgz

Then, restart sendmail:

/etc/rc.d/rc.sendmail restart



+-----+

Slackware Linux Security Team 
slackware
security@slackware.com

+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+

Slackware: sendmail remote exploit

March 4, 2003
A remote vulnerability exists that can result in commands can be executed with administrative privileges.

Summary

Here are the details from the Slackware 8.1 ChangeLog: Mon Mar 3 10:29:01 PST 2003 patches/packages/sendmail-8.12.8-i386-1.tgz: Upgraded to sendmail-8.12.8. From sendmail's RELNOTES: SECURITY: Fix a remote buffer overflow in header parsing by dropping sender and recipient header comments if the comments are too long. Problem noted by Mark Dowd of ISS X-Force. (* Security fix *) patches/packages/sendmail-cf-8.12.8-noarch-1.tgz: Updated config files for sendmail-8.12.8. WHERE TO FIND THE NEW PACKAGES: Updated packages for Slackware 8.1: Updated packages for Slackware -current: MD5 SIGNATURES: Here are the md5sums for the packages: Slackware 8.1 packages: c2c72b982d91d9ca0f59ab2afdf337f2 sendmail-8.12.8-i386-1.tgz 0b8e338169dca7487dd042ba070120d1 sendmail-cf-8.12.8-noarch-1.tgz Slackware -current packages: a9db559cd852164577f26efff1e9b36d sendmail-8.12.8-i386-1.tgz 0141c1f40e1efd148f9ccd1d5a09e7f0 sendmail-cf-8.12.8-noarch-1.tgz INSTALLATION INSTRUCTIONS: As root, upgrade the sendmail package(s) with upgradepkg: upgradepkg sendmail-*.tgz Then, restart sendmail: /etc/rc.d/rc.sendmail restart Slackware Linux Security Team slackware security@slackware.com | HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back. Follow the instructions to | | complete the unsubscription. Do not reply to this message to | | unsubscribe! |

Where Find New Packages

MD5 Signatures

Severity
[slackware-security] Sendmail buffer overflow fixed
The sendmail packages in Slackware 8.1 and -current have been patched to fix a security problem. All sites running sendmail should upgrade.
More information on the problem can be found here: Sendmail Open Source - Open Source Email Server | Proofpoint US

Installation Instructions

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved