Yellow Dog Linux Security Advisory: YDU-20030409-1
Troy Vitullo
yellowdog-updates@lists.terrasoftsolutions.com
Mon, 14 Apr 2003 11:33:28 -0600
Yellow Dog Linux Security Announcement
--------------------------------------
Package: sendmail
Issue Date: April 09, 2003
Priority: high
Advisory ID: YDU-20030409-1
1. Topic:
Updated sendmail packages are available.
2. Problem:
Sendmail contains a security vulnerability with regard to certain cases
encountered by the address parser when doing insufficient bounds
checking.
No exploit exists currently, but the problem is locally expoitable,
and possibly remotely exploitable.
3. Solution:
a) Updating via apt...
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
apt-get update
apt-get install sendmail
b) Updating manually...
Download the updates below and then run the following rpm command.
(Please use a mirror site)
rpm -Fvh [filenames]
Yellow Dog Linux 3.0
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
ppc/sendmail-8.12.8-5.90.ppc.rpm
ppc/sendmail-cf-8.12.8-5.90.ppc.rpm
ppc/sendmail-devel-8.12.8-5.90.ppc.rpm
ppc/sendmail-doc-8.12.8-5.90.ppc.rpm
SRPMS/sendmail-8.12.8-5.90.src.rpm
Yellow Dog Linux 2.3
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
ppc/sendmail-8.11.6-25.72.ppc.rpm
ppc/sendmail-8.11.6-25.72.ppc.rpm
ppc/sendmail-8.11.6-25.72.ppc.rpm
ppc/sendmail-8.11.6-25.72.ppc.rpm
SRPMS/sendmail-8.11.6-25.72.src.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
[Yellow Dog Linux 3.0]
0723621fce1e9403f5843dfe5dbd7dce ppc/sendmail-8.12.8-5.90.ppc.rpm
ae518c3a2c2e2d3b4d752b82b35ad8ea ppc/sendmail-cf-8.12.8-5.90.ppc.rpm
27f6d368e9c5c3962a0dafd1a5f6c373 ppc/sendmail-devel-8.12.8-5.90.ppc.rpm
20e5c596b1b65f9f5522ea2bc2561449 ppc/sendmail-doc-8.12.8-5.90.ppc.rpm
5f3ffb78a41d052367682f09f05c1436 SRPMS/sendmail-8.12.8-5.90.src.rpm
[Yellow Dog Linux 2.3]
eb874d116c6d17624481b167e8592238 ppc/sendmail-8.11.6-25.72.ppc.rpm
773e588bfe2cd2f3274e343eaa0bc6d9 ppc/sendmail-cf-8.11.6-25.72.ppc.rpm
c04fc694acaa7aa577734af7e8b96569 ppc/sendmail-devel-8.11.6-25.72.ppc.rpm
00c43696e827c508a6db1d7e1c2d5801 ppc/sendmail-doc-8.11.6-25.72.ppc.rpm
bb97a5bfeb93f73f7bc76c04d0461445 SRPMS/sendmail-8.11.6-25.72.src.rpm
If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: md5sum <filename>
5. Misc.
Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more
information.
For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml