lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030329130842.A6955@lsd>
Date: Sat, 29 Mar 2003 13:08:43 -0500
From: White Vampire <whitevampire@...dless.com>
To: bugtraq@...urityfocus.com
Subject: [security@...ckware.com: [slackware-security]  Sendmail buffer overflow fixed]


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----- Forwarded message from Slackware Security Team <security@...ckware.com> -----

Return-Path: <owner-slackware-security@....slackware.com>
Delivered-To: whitvamp@...alhost
Received: (qmail 7993 invoked from network); 25 Mar 2003 17:44:33 -0000
Received: from localhost (127.0.0.1)
  by localhost with SMTP; 25 Mar 2003 17:44:33 -0000
Delivered-To: vampwhit@...ly.csoft.net
Received: from mail102.csoft.net [63.111.26.110]
	by localhost with POP3 (fetchmail-5.8.3)
	for whitvamp@...alhost (single-drop); Tue, 25 Mar 2003 12:44:33 -0500 (EST)
Received: (qmail 76250 invoked from network); 4 Mar 2003 00:40:08 -0000
Received: from unknown (HELO ws4-2.us4.outblaze.com) (205.158.62.67)
  by mail102.csoft.net with SMTP; 4 Mar 2003 00:40:08 -0000
Received: from spf2.us4.outblaze.com (205-158-62-24.outblaze.com [205.158.62.24])
	by ws4-2.us4.outblaze.com (8.12.7/8.12.7) with ESMTP id h240bolV018458
	for <whitevampire@...dless.com>; Tue, 4 Mar 2003 00:37:50 GMT
Received: from bob.slackware.com (slackware.com [64.57.102.34])
	by spf2.us4.outblaze.com (8.12.7/8.12.7) with ESMTP id h23NOlBK098678
	for <whitevampire@...dless.com>; Mon, 3 Mar 2003 23:27:06 GMT
Received: (from daemon@...alhost)
	by bob.slackware.com (8.11.6/8.11.6) id h23MOhp13226
	for slackware-security-outgoing; Mon, 3 Mar 2003 14:24:43 -0800
Received: from localhost (security@...alhost)
	by bob.slackware.com (8.11.6/8.11.6) with ESMTP id h23MOhm13223
	for <slackware-security@...ckware.com>; Mon, 3 Mar 2003 14:24:43 -0800
Date: Mon, 3 Mar 2003 14:24:43 -0800 (PST)
From: Slackware Security Team <security@...ckware.com>
To: slackware-security@...ckware.com
Subject: [slackware-security]  Sendmail buffer overflow fixed
Message-ID: <Pine.LNX.4.21.0303031424220.13214-100000@....slackware.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-slackware-security@...ckware.com
Precedence: bulk
Reply-To: Slackware Security Team <security@...ckware.com>


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  Sendmail buffer overflow fixed

The sendmail packages in Slackware 8.1 and -current have been patched to fix
a security problem.  All sites running sendmail should upgrade.  

More information on the problem can be found here:

http://www.sendmail.org/8.12.8.html

Here are the details from the Slackware 8.1 ChangeLog:
+--------------------------+
Mon Mar  3 10:29:01 PST 2003
patches/packages/sendmail-8.12.8-i386-1.tgz:  Upgraded to sendmail-8.12.8.
  From sendmail's RELNOTES:
    SECURITY: Fix a remote buffer overflow in header parsing by dropping sender
    and recipient header comments if the comments are too long.  Problem noted
    by Mark Dowd of ISS X-Force.
  (* Security fix *)
patches/packages/sendmail-cf-8.12.8-noarch-1.tgz:  Updated config files for
  sendmail-8.12.8.
+--------------------------+



WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated packages for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-8.12.8-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-cf-8.12.8-noarch-1.tgz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-8.12.8-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-cf-8.12.8-noarch-1.tgz



MD5 SIGNATURES:
+-------------+

Here are the md5sums for the packages:

Slackware 8.1 packages:
c2c72b982d91d9ca0f59ab2afdf337f2  sendmail-8.12.8-i386-1.tgz
0b8e338169dca7487dd042ba070120d1  sendmail-cf-8.12.8-noarch-1.tgz

Slackware -current packages:
a9db559cd852164577f26efff1e9b36d  sendmail-8.12.8-i386-1.tgz
0141c1f40e1efd148f9ccd1d5a09e7f0  sendmail-cf-8.12.8-noarch-1.tgz



INSTALLATION INSTRUCTIONS:
+------------------------+

As root, upgrade the sendmail package(s) with upgradepkg:

upgradepkg sendmail-*.tgz

Then, restart sendmail:

/etc/rc.d/rc.sendmail restart



+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@...ckware.com

+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST:                         |
+------------------------------------------------------------------------+
| Send an email to majordomo@...ckware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back.  Follow the instructions to  |
| complete the unsubscription.  Do not reply to this message to          |
| unsubscribe!                                                           |
+------------------------------------------------------------------------+

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+Y7AXakRjwEAQIjMRAq4iAJwIucFzraCEl/TW5xNW3/A8OBCuuACfdnpB
KnimFQKeMEWk+HEClZ0iCXc=
=0WNi
- -----END PGP SIGNATURE-----



- ----- End forwarded message -----

- -- 
\   | \  /  White Vampire\Rem                |  http://gammaforce.org/
 \|\|  \/   whitevampire@...dless.com        |  http://gammagear.com/
"Silly hacker, root is for administrators."  |  http://webfringe.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)

iD8DBQE+heEq3+rxmnEDyl8RApZ3AJ9oXisP7Y2DeHQSI3FCgefQFbkCcACeL4Wt
CHuAb00apkFPlamBSiJV+ug=
=vvsT
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ