Yellow Dog Linux Security Advisory: YDU-20030409-1

Troy Vitullo yellowdog-updates@lists.terrasoftsolutions.com
Mon, 14 Apr 2003 11:33:28 -0600


Yellow Dog Linux Security Announcement
--------------------------------------

Package:	sendmail
Issue Date:	April 09, 2003
Priority:	high
Advisory ID: 	YDU-20030409-1


1. 	Topic:

	Updated sendmail packages are available.


2. 	Problem:

	Sendmail contains a security vulnerability: in certain cases the
	address parser performs insufficient bounds checking.

	No exploit currently exists, but the problem is locally exploitable
	and possibly remotely exploitable.


3. 	Solution:

   	a) Updating via apt...
   	We suggest that you use the apt-get program to keep your
   	system up-to-date. The following command(s) will retrieve
   	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install sendmail

   	b) Updating manually...
	Download the updates below and then run the following rpm command.
   	(Please use a mirror site)

		rpm -Fvh [filenames]

		Yellow Dog Linux 3.0
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/
			ppc/sendmail-8.12.8-5.90.ppc.rpm
			ppc/sendmail-cf-8.12.8-5.90.ppc.rpm
			ppc/sendmail-devel-8.12.8-5.90.ppc.rpm
			ppc/sendmail-doc-8.12.8-5.90.ppc.rpm
			SRPMS/sendmail-8.12.8-5.90.src.rpm

		Yellow Dog Linux 2.3
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
			ppc/sendmail-8.11.6-25.72.ppc.rpm
			ppc/sendmail-cf-8.11.6-25.72.ppc.rpm
			ppc/sendmail-devel-8.11.6-25.72.ppc.rpm
			ppc/sendmail-doc-8.11.6-25.72.ppc.rpm
			SRPMS/sendmail-8.11.6-25.72.src.rpm


4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
[Yellow Dog Linux 3.0]
0723621fce1e9403f5843dfe5dbd7dce  ppc/sendmail-8.12.8-5.90.ppc.rpm
ae518c3a2c2e2d3b4d752b82b35ad8ea  ppc/sendmail-cf-8.12.8-5.90.ppc.rpm
27f6d368e9c5c3962a0dafd1a5f6c373  ppc/sendmail-devel-8.12.8-5.90.ppc.rpm
20e5c596b1b65f9f5522ea2bc2561449  ppc/sendmail-doc-8.12.8-5.90.ppc.rpm
5f3ffb78a41d052367682f09f05c1436  SRPMS/sendmail-8.12.8-5.90.src.rpm

[Yellow Dog Linux 2.3]
eb874d116c6d17624481b167e8592238  ppc/sendmail-8.11.6-25.72.ppc.rpm
773e588bfe2cd2f3274e343eaa0bc6d9  ppc/sendmail-cf-8.11.6-25.72.ppc.rpm
c04fc694acaa7aa577734af7e8b96569  ppc/sendmail-devel-8.11.6-25.72.ppc.rpm
00c43696e827c508a6db1d7e1c2d5801  ppc/sendmail-doc-8.11.6-25.72.ppc.rpm
bb97a5bfeb93f73f7bc76c04d0461445  SRPMS/sendmail-8.11.6-25.72.src.rpm

If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: md5sum <filename>


5. Misc.

Terra Soft has set up a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more
information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml
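
The check described in section 4 (Verification) can be scripted. The following is an added example, not part of the original advisory or of Terra Soft's tooling: it reads the MD5 table from a saved copy of this advisory and compares it with the packages in a download directory. The function names, the file name advisory.txt and the demo package are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of the advisory): check downloaded RPMs against the
# MD5 table in a saved copy of this advisory.

# extract_sums ADVISORY RELEASE -> prints "md5 basename" for the [RELEASE] block
extract_sums() {
    awk -v want="[$2]" '
        /^\[/ { in_block = ($0 == want); next }      # e.g. "[Yellow Dog Linux 3.0]"
        in_block && NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
            n = split($2, part, "/")                 # drop ppc/ or SRPMS/ prefix
            print $1, part[n]
        }' "$1"
}

# verify_advisory ADVISORY RELEASE DIR
# Returns 0 if every listed package found in DIR matches, 1 on any mismatch,
# 2 if nothing could be checked (unknown release name or no packages in DIR).
verify_advisory() {
    status=0 checked=0
    while read -r sum name; do
        [ -f "$3/$name" ] || continue                # package not downloaded
        checked=$((checked + 1))
        actual=$(md5sum < "$3/$name" | cut -d' ' -f1)
        if [ "$actual" = "$sum" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name (expected $sum, got $actual)"
            status=1
        fi
    done <<EOF
$(extract_sums "$1" "$2")
EOF
    [ "$checked" -gt 0 ] || return 2
    return "$status"
}

# demo: constructed stand-in package and table; no real packages are used
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed sample payload\n' > "$d/sample-1.0-1.ppc.rpm"
    sum=$(md5sum < "$d/sample-1.0-1.ppc.rpm" | cut -d' ' -f1)
    printf '[Sample Release]\n%s  ppc/sample-1.0-1.ppc.rpm\n' "$sum" > "$d/advisory.txt"
    verify_advisory "$d/advisory.txt" "Sample Release" "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}

# Usage: sh verify.sh advisory.txt "Yellow Dog Linux 3.0" ./downloads
if [ "$#" -eq 3 ]; then verify_advisory "$@"; else demo; fi
```

A match shows only that a file equals what this copy of the advisory lists, so take the table from a copy of the advisory you trust.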