[Mimedefang] SECURITY: Update to Sendmail 8.12.8 ASAP

Shawn Button sbutton at dtjboulder.com
Mon Mar 3 14:28:00 EST 2003


When I performed the upgrade, I received "service sendmail does not
support chkconfig." It is hard to determine if it actually upgraded or
not...any thoughts? 

-----Original Message-----
From: mimedefang-admin at lists.roaringpenguin.com
[mailto:mimedefang-admin at lists.roaringpenguin.com] On Behalf Of David F.
Skoll
Sent: Monday, March 03, 2003 11:12 AM
To: mimedefang at lists.roaringpenguin.com
Subject: [Mimedefang] SECURITY: Update to Sendmail 8.12.8 ASAP


This just in.  Best upgrade rather soon. :-(

--
David.


---------- Forwarded message ----------
Date: Mon, 3 Mar 2003 09:08:09 -0800
From: Claus Assmann <ca+bugtraq at sendmail.org>
To: bugtraq at securityfocus.com, vulnwatch at vulnwatch.org
Subject: sendmail 8.12.8 available

-----BEGIN PGP SIGNED MESSAGE-----

Sendmail, Inc., and the Sendmail Consortium announce the availability
of sendmail 8.12.8.  It contains a fix for a critical security
problem discovered by Mark Dowd of ISS X-Force; we thank ISS X-Force
for bringing this problem to our attention.  Sendmail urges all users to
either upgrade to sendmail 8.12.8 or apply the patch for 8.12 that
is part of this announcement.  Patches for older versions can be
downloaded from ftp.sendmail.org, see http://www.sendmail.org/ for
details.  Remember to check the PGP signatures of patches or releases
obtained.  For those not running the open source version, check
with your vendor for a patch.  There is a bug fix for ident parsing
in 8.12.8.  While this is not believed to be exploitable, if you
are not upgrading to 8.12.8, you may want to turn off ident checking
by adding this to your .mc file:

define(`confTO_IDENT', `0s')


For a complete list of changes see the release notes down below.

Please send bug reports to sendmail-bugs at sendmail.org as usual.

Note: We have changed the way we digitally sign the source code
distributions to simplify verification: in contrast to earlier
versions two .sig files are provided, one each for the gzip'ed
version and the compressed version. That is, instead of signing the
tar file, we sign the compressed/gzip'ed files, so you do not need
to uncompress the file before checking the signature.

This version can be found at

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.8.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.8.tar.gz.sig
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.8.tar.Z
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.8.tar.Z.sig

and the usual mirror sites.

MD5 signatures:

71b4ce8276536b82d4acdf6ec8be306a sendmail.8.12.8.tar.gz
2ecf7890c2ff5035aed8d342473d85a5 sendmail.8.12.8.tar.gz.sig
b06953b5fd11f9cd63b1eb89625ad881 sendmail.8.12.8.tar.Z
b505fc5b36fbba5b3af2afecb4d587b3 sendmail.8.12.8.tar.Z.sig

You either need the first two files or the third and fourth, i.e.,
the gzip'ed version or the compressed version and the corresponding
.sig file.  The PGP signature was created using the Sendmail Signing
Key/2003, available on the web site (http://www.sendmail.org/) or
on the public key servers.
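
Added example (not part of the original thread or of the sendmail announcement): one way to check which version an installed binary reports after an upgrade, and compare it with the 8.12.8 release named above. The function names and both sample outputs are constructed for illustration; it assumes the "Version x.y.z" first line that `sendmail -d0.1 -bv root` prints.

```shell
#!/bin/sh
# Added example: compare the version a sendmail binary reports with 8.12.8.
# Live use (assumption: sendmail is on PATH):
#   check_sendmail_output "$(sendmail -d0.1 -bv root 2>&1)"
FIXED_VERSION="8.12.8"   # release carrying the fix, per the announcement

# Constructed sample outputs (not captured from real hosts).
SAMPLE_OLD='Version 8.12.5
 Compiled with: DNSMAP LOG MILTER MIME7TO8'
SAMPLE_NEW='Version 8.12.10
 Compiled with: DNSMAP LOG MILTER MIME7TO8'

# Pull "8.12.5" out of the leading "Version 8.12.5" line.
parse_sendmail_version() {
    printf '%s\n' "$1" | sed -n 's/^Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if dotted version $1 >= $2. Fields are compared as numbers,
# so 8.12.10 sorts after 8.12.8 (a plain string compare gets this wrong).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        if [ "$a" = "$fa" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$fb" ]; then b=""; else b=${b#*.}; fi
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
    done
    return 0
}

# Print a one-line verdict for captured version output.
# "needs-review" is not proof of exposure: a source tree or vendor package
# that had only the patch applied may still report its old version number.
check_sendmail_output() {
    v=$(parse_sendmail_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo "at-or-above-fix $v"
    else
        echo "needs-review $v"
    fi
}

check_sendmail_output "$SAMPLE_OLD"
check_sendmail_output "$SAMPLE_NEW"
```

The running daemon must be restarted before it uses a newly installed binary, so check the daemon's SMTP greeting as well as the binary on disk.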