Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: sendmail (200303-27)
Date: Mon, 31 Mar 2003 09:15:37
Message-Id: 20030331091230.A82515762@mail2.tamperd.net
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-27
- - ---------------------------------------------------------------------

PACKAGE : sendmail
SUMMARY : buffer overflow
DATE : 2003-03-31 09:13 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <8.12.9
FIXED VERSION : >=8.12.9
CVE : CAN-2003-0161

- - ---------------------------------------------------------------------

- From advisory:
"There is a vulnerability in sendmail that can be exploited to cause
a denial-of-service condition and could allow a remote attacker to
execute arbitrary code with the privileges of the sendmail
daemon, typically root."

Read the full advisory at
http://www.cert.org/advisories/CA-2003-12.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/sendmail upgrade to sendmail-8.12.9 as follows:

emerge sync
emerge sendmail
emerge clean

- - ---------------------------------------------------------------------
aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
avenj@g.o
- - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+iAbNfT7nyhUpoZMRAuQWAJ9DKi8B6JxgHVyxRLZfM1e5N0YyNQCgqM7Y
NwuiPB4hihTbTLAXIKg9/J8=
=RiMh
-----END PGP SIGNATURE-----
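
To check a host against the version range above after upgrading, the following added example (not part of the original announcement) classifies net-mail/sendmail versions as affected (<8.12.9) or fixed. The /var/db/pkg location, the function names and the sample versions are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the advisory): classify net-mail/sendmail versions
# against the range GLSA 200303-27 lists as affected (<8.12.9).

FIXED=8.12.9                  # "FIXED VERSION : >=8.12.9" in the advisory
PKGDB=${PKGDB:-/var/db/pkg}   # assumption: Portage's installed-package database

# version_lt A B: succeed when dotted numeric version A sorts before B.
# Fields are compared as integers, so 8.12.10 is newer than 8.12.9.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*} fb=${b%%.*}
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1                  # equal versions are not "less than"
}

# glsa_status VERSION: print affected, fixed or unknown for one version string.
glsa_status() {
    # A Gentoo revision suffix (-r1, -r2, ...) does not change the upstream
    # version, so drop it before comparing.
    ver=$(printf '%s\n' "$1" | sed 's/-r[0-9][0-9]*$//')
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown ;;   # not dotted digits: check by hand
        *) if version_lt "$ver" "$FIXED"; then echo affected; else echo fixed; fi ;;
    esac
}

# scan_installed: classify each net-mail/sendmail entry found under $PKGDB.
scan_installed() {
    for d in "$PKGDB"/net-mail/sendmail-[0-9]*; do
        [ -d "$d" ] || continue
        name=${d##*/}
        printf '%s %s\n' "$name" "$(glsa_status "${name#sendmail-}")"
    done
}

# Constructed sample versions (not taken from the advisory).
for v in 8.11.6 8.12.8-r1 8.12.9 8.12.10 8.13_beta; do
    printf '%-10s %s\n' "$v" "$(glsa_status "$v")"
done
```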