Fedora Legacy Test Update Notification: sendmail

Thu Mar 23 19:21:52 UTC 2006

On Thursday 23 March 2006 02:50, Jesse Keating wrote:
>---------------------------------------------------------------------
>Fedora Legacy Test Update Notification
>FEDORALEGACY-2006-186277
>Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186277
>2006-03-22
>---------------------------------------------------------------------
>
>Name        : sendmail
>Versions    : rh73: sendmail-8.12.11-4.22.9.legacy

What line in the /etc/yum.conf on my rh7.3 firewall box do I need to 
access this fix, yum is telling me its installed and current.  But rpm 
says its sendmail-8.11.6-27.73, a bit long in the tooth don't you 
think?

>Versions    : rh9: sendmail-8.12.11-4.24.1.legacy
>Versions    : fc1: sendmail-8.12.11-4.25.1.legacy
>Versions    : fc2: sendmail-8.12.11-4.26.legacy
>Versions    : fc3: sendmail-8.13.1-3.legacy
>Summary     : A widely used Mail Transport Agent (MTA).
>Description :
>The Sendmail program is a very widely used Mail Transport Agent (MTA).
>MTAs send mail from one machine to another. Sendmail is not a client
>program, which you use to read your email. Sendmail is a
>behind-the-scenes program which actually moves your email over
>networks or the Internet to where you want it to go.
>
>If you ever need to reconfigure Sendmail, you will also need to have
>the sendmail.cf package installed. If you need documentation on
>Sendmail, you can install the sendmail-doc package.
>
>---------------------------------------------------------------------
>Update Information:
>
>An updated tar package that fixes a flaw in the handling of
> asynchronous signals.
>
>A flaw in the handling of asynchronous signals was discovered in
> Sendmail. A remote attacker may be able to exploit a race condition
> to execute arbitrary code as root. The Common Vulnerabilities and
> Exposures project assigned the name CVE-2006-0058 to this issue.
>
>By default on Red Hat Enterprise Linux 2.1 and later, Sendmail is
> configured to only accept connections from the local host. Therefore
> only users who have configured Sendmail to listen to remote hosts
> would be able to be remotely exploited by this vulnerability.
>
>In order to correct this issue for RHL 7.3 users, it was necessary to
> upgrade the version of Sendmail from 8.11 as originally shipped to
> Sendmail 8.12.11 with the addition of the security patch supplied by
> Sendmail Inc. This erratum provides updated packages based on
> Sendmail 8.12 with a compatibility mode enabled as provided by Red
> Hat for RHEL 2.1. After updating to these packages, users should pay
> close attention to their sendmail logs to ensure that the upgrade
> completed sucessfully.
>
>In order to correct this issue for RHL 9 and FC1 users, it was
> necessary to upgrade the version of Sendmail from 8.12.8 and 8.12.10
> respectively to 8.12.11 with the addition of the security patch
> supplied by Sendmail Inc. After updating to these packages, users
> should pay close attention to their sendmail logs to ensure that the
> upgrade completed sucessfully.
>
>For Fedora Core 3 users, the patch supplied by Sendmail Inc. applies
> cleanly to the latest sendmail package previously released for Fedora
> Core 3.
>
>Users of Sendmail should upgrade to this updated package, which
> contains a replacement backported patch to correct this issue.
>
>---------------------------------------------------------------------
>Changelogs
>
>rh73:
>* Wed Mar 22 2006 Jesse Keating <jkeating at j2solutions.net>
>8.12.11-4.22.9.legacy
>- Sourced in for RHL7.3
>- Added groff buildreq
>
>
>rh9:
>* Wed Mar 22 2006 Jesse Keating <jkeating at redhat.com> -
> 8.12.11-4.24.1.legacy - fixed VU#834865 (#186277)
>- disable -fpie
>- enable old_setup
>- Add BuildReq gdbm-devel
>- Use sasl1
>
>
>fc1:
>* Wed Mar 22 2006 Jesse Keating <jkeating at redhat.com> -
> 8.12.11-4.25.1.legacy - fixed VU#834865 (#186277)
>- enable old_setup
>
>fc2:
>* Wed Mar 22 2006 Jesse Keating <jkeating at redhat.com> -
> 8.12.11-4.26.legacy - fixed VU#834865 (#186277)
>
>fc3:
>* Wed Mar 22 2006 Jesse Keating <jkeating at j2solutions.net>
> 8.13.1-3.legacy - fixed VU#834865 (#186277)
>
>---------------------------------------------------------------------
>This update can be downloaded from:
>  http://download.fedoralegacy.org/
>(sha1sums)
>
>rh73:
>d9c001d8a34f11f528ff6be2a9f8dd15818caf40
>redhat/7.3/updates-testing/SRPMS/sendmail-8.12.11-4.22.9.legacy.src.rp
>m 80f02c886b020e6d6ef17389c22c8b530fb05a48
>redhat/7.3/updates-testing/i386/sendmail-8.12.11-4.22.9.legacy.i386.rp
>m 285816881a55fe4b8a74fee48205c8ceedaee5e5
>redhat/7.3/updates-testing/i386/sendmail-cf-8.12.11-4.22.9.legacy.i386
>.rpm b4154a342e7747d980b7acaf352649ddc1dcc40d
>redhat/7.3/updates-testing/i386/sendmail-devel-8.12.11-4.22.9.legacy.i
>386.rpm 81a36048a12cc5c08a8e93490dde6817c402ae54
>redhat/7.3/updates-testing/i386/sendmail-doc-8.12.11-4.22.9.legacy.i38
>6.rpm
>
>
>rh9:
>272bbff91a52692991f6f0fd434a27fda1c92057
>redhat/9/updates-testing/SRPMS/sendmail-8.12.11-4.24.1.legacy.src.rpm
>683d48df1c5aabb1e9768d4bfb37036d0d7ff7c6
>redhat/9/updates-testing/i386/sendmail-8.12.11-4.24.1.legacy.i386.rpm
>a6e967294f6cbe9f623e5626e20e33fbbc410f68
>redhat/9/updates-testing/i386/sendmail-cf-8.12.11-4.24.1.legacy.i386.r
>pm da996e582bb27144c7c26050e0ba51ce7cb727d7
>redhat/9/updates-testing/i386/sendmail-devel-8.12.11-4.24.1.legacy.i38
>6.rpm 8d03dc1dd178543cb9d9050198774b599967bfcd
>redhat/9/updates-testing/i386/sendmail-doc-8.12.11-4.24.1.legacy.i386.
>rpm
>
>
>fc1:
>c33698f4e499d477d9712de3d6061825348a294f
>fedora/1/updates-testing/SRPMS/sendmail-8.12.11-4.25.1.legacy.src.rpm
>df880ab03eaeb2f82be81bee96c28392984a4b86
>fedora/1/updates-testing/i386/sendmail-8.12.11-4.25.1.legacy.i386.rpm
>729bcaeb1269b65728f014bbbedb5c1a54a5158e
>fedora/1/updates-testing/i386/sendmail-cf-8.12.11-4.25.1.legacy.i386.r
>pm 256ff91b67ecc7680a5f2fb97b3b32142bb80d18
>fedora/1/updates-testing/i386/sendmail-devel-8.12.11-4.25.1.legacy.i38
>6.rpm 65725c811c4c7eede9f88c006a13c15e458d353f
>fedora/1/updates-testing/i386/sendmail-doc-8.12.11-4.25.1.legacy.i386.
>rpm
>
>
>fc2:
>65086d18cb29e02b57ce07b6abf79ba378ae1c3c
>fedora/2/updates-testing/SRPMS/sendmail-8.12.11-4.26.legacy.src.rpm
>7e44b02696338832e2dfc0057aeb58c98511d0d2
>fedora/2/updates-testing/i386/sendmail-8.12.11-4.26.legacy.i386.rpm
>d159f0c92bd530799b75341d18b5b2cbe5aa5a0a
>fedora/2/updates-testing/i386/sendmail-cf-8.12.11-4.26.legacy.i386.rpm
>8421bfb2eb2f2b3fddb35e905fdcfecd0fb8088c
>fedora/2/updates-testing/i386/sendmail-devel-8.12.11-4.26.legacy.i386.
>rpm b659d2733afa3d6f4df840a395c6eae3a5c07d50
>fedora/2/updates-testing/i386/sendmail-doc-8.12.11-4.26.legacy.i386.rp
>m
>
>fc3:
>fbfba64eac81e57ae098f967b7d3bf4e47e04c87
>fedora/3/updates-testing/SRPMS/sendmail-8.13.1-3.legacy.src.rpm
>6cc0f44ad32c0eb62801331bf8bfa41625b61031
>fedora/3/updates-testing/i386/sendmail-8.13.1-3.legacy.i386.rpm
>04bd02d3f731eb985d6e8b9fde7ee3ddc5bdccfe
>fedora/3/updates-testing/i386/sendmail-cf-8.13.1-3.legacy.i386.rpm
>97f173fa48f847feb5051bc2cb4686f53e3895ac
>fedora/3/updates-testing/i386/sendmail-devel-8.13.1-3.legacy.i386.rpm
>298c0908052efdbc671dda1f22f025f96a10d770
>fedora/3/updates-testing/i386/sendmail-doc-8.13.1-3.legacy.i386.rpm
>162a1e21ac33e5a9072f7cb9934d17523d8160f6
>fedora/3/updates-testing/x86_64/sendmail-8.13.1-3.legacy.x86_64.rpm
>939de41400340905ec0b378b501e5d1b8b41e545
>fedora/3/updates-testing/x86_64/sendmail-cf-8.13.1-3.legacy.x86_64.rpm
>c09947143c351f575737036599c23c542404d82e
>fedora/3/updates-testing/x86_64/sendmail-devel-8.13.1-3.legacy.x86_64.
>rpm bd1b9553b49e5c2631a40f68461472b1671f9beb
>fedora/3/updates-testing/x86_64/sendmail-doc-8.13.1-3.legacy.x86_64.rp
>m
>
>---------------------------------------------------------------------
>
>Please test and comment in bugzilla.

-- 
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules.  I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.