From owner-freebsd-isp  Thu Apr  3 14:11:14 1997
Return-Path: <owner-isp>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id OAA19628
          for isp-outgoing; Thu, 3 Apr 1997 14:11:14 -0800 (PST)
Received: from mail.webspan.net (mail.webspan.net [206.154.70.7])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA19621;
          Thu, 3 Apr 1997 14:11:08 -0800 (PST)
Received: from orion.webspan.net (orion.webspan.net [206.154.70.5]) 
          by mail.webspan.net (WEBSPAN/970116) with ESMTP id RAA07447;
          Thu, 3 Apr 1997 17:10:49 -0500 (EST)
Received: from orion.webspan.net (localhost [127.0.0.1]) 
          by orion.webspan.net (WEBSPN/970116) with ESMTP id RAA13821;
          Thu, 3 Apr 1997 17:10:49 -0500 (EST)
To: freebsd-isp@freebsd.org
cc: freebsd-security@freebsd.org
From: "Gary Palmer" <gpalmer@freebsd.org>
Subject: Another INND security hole.
Date: Thu, 03 Apr 1997 17:10:49 -0500
Message-ID: <13819.860105449@orion.webspan.net>
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


Hope I'm not out of line forwarding this before the CERT
advisory... It's probably all over bugtraq already tho.

Gary
--
Gary Palmer                                          FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info

------- Forwarded Message

From: owner-inn-announce@vix.com
Message-Id: <199704032026.MAA17781@gw.home.vix.com>
Sender: owner-inn-announce@vix.com
Precedence: bulk

You heard it here first (CERT will be making an announcement
shortly). There's another problem in INN. This time all versions. It's
actually more of a problem with UCB Mail, and if you don't use UCB Mail as
the _PATH_MAILCMD definition in your config.data, then you're not affected,
but I suggest doing the fix anyway....

There's a new patch (to the same script as the previous security
announcement) in 

	ftp://ftp.isc.org/isc/inn/patches/security-patch.04

NOTE. If you are running a version older than 1.5.1, then you *must* first
apply the appropriate patch mentioned previously here and in the CERT
announcement of about 6 weeks ago (i.e. one of security-patch.01,
security-patch.02 or security-patch.03)

The web page http://www.isc.org has a section on the new security issue,
and part on how to install the patch, if you don't know what to do.

James
- --
James Brister                                             brister@vix.com
Internet Software Consortium      http://www.isc.org      inn@isc.org


------- End of Forwarded Message