[Updated] [FLSA-2006:186277] Updated sendmail packages fix security issue

Adam Gibson agibson at ptm.com
Wed Apr 5 21:05:19 UTC 2006 

David Eisenstein wrote:
> Adam Gibson wrote:
>> Adam Gibson wrote:
>>
>>> One thing I noticed after the latest yum update of sendmail from the
>>> previous update is that alternatives is broken for /etc/pam.d/smtp for
>>> the sendmail package.  <<snip>>
>> So basically it boils down to alternatives with the newer sendmail
>> updates do not do anything with /etc/pam.d/smtp anymore(It is part of
>> the packages itself and not a symlink).  The problem I had is that the
>> old symlink was in the way when sendmail was updated.
> 
> My take, judging from previous comments you've posted, Adam, is that you run
> the Red Hat 9 version of sendmail?

Correct.  I realized that I did not include an OS version after 
submitting the second email and didn't want to send a third reply.  Good 
guess :).

...
> To fix this bug in RH9's sendmail-8.12.11-4.24.1.legacy (similarly in
> FC1's), we elected to revert the alternatives behavior to what it had
> been in sendmail-8.12.8.  The various scenarios might be, then:
>    c)  User is using 8.12.8, upgraded to 8.12.11-4.24.1.  Same problems as
>        (b).  User either fixes this by hand (by making a symlink /etc/pam.d/
>        smtp -> smtp.sendmail &c) or fixes this using the "alternatives
>        --config mta" command, as suggested by Marc in
>        <http://tinyurl.com/jdwko>.  If user does either of these two things, a
>        later upgrade to sendmail-8.12.11-4.24.3 will break /etc/pam.d/smtp,
>        causing it to point to a non-existent /etc/pam.d/smtp.sendmail, and
>        create /etc/pam.d/smtp.rpmnew.  This one, I think, would have been your
>        scenario, Adam.  You have provided a good workaround for this.

That is precisely what I saw.  Thanks.

> Hope this helps explain the situation, Adam.  It was a mess, and we did the
> best we knew to fix it.  Sorry for the trouble it has caused.
> 

The problems were relatively minor.  I was just posting the information 
mainly in case others experienced the same issue so they would know of a 
fix.  I am surprised that you were able to decipher the 2 previous 
emails...  It was very confusing even trying to explain the symlink 
because the symlink in question points to a symlink which points to a 
missing file :).

Thanks for the reply.  I really didn't expect a reply that explained 
things as well as you did.

More information about the fedora-legacy-list mailing list