Date: Thu, 19 Sep 1996 12:03:53 +0100 (BST) From: jez@netcraft.co.uk (Jeremy Prior) To: FreeBSD-gnats-submit@freebsd.org Subject: bin/1647: sendmail-8.7.6 security fix Message-ID: <199609191103.MAA14616@ns0.netcraft.co.uk> Resent-Message-ID: <199609191110.EAA24577@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 1647 >Category: bin >Synopsis: sendmail 8.7.6 fixes vulnerabilities in CERT CA-96.20 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Sep 19 04:10:02 PDT 1996 >Last-Modified: >Originator: Jeremy Prior >Organization: Netcraft Ltd >Release: FreeBSD 2.1-STABLE i386 >Environment: Both -stable and -current are running sendmail 8.7.5 >Description: CERT have just released an advisory (CA-96.20) detailing two vulnerabilities in *all* versions of sendmail upto and including sendmail 8.7.5 - the version used by both FreeBSD-stable and FreeBSD-current. >How-To-Repeat: See ftp://info.cert.org/pub/cert_advisories/CA-96.20.sendmail_vul >Fix: I've uploaded a (hopefully) minimal set of diffs to take our sendmail from 8.7.5 -> 8.7.6. The file is: ftp://freefall.FreeBSD.org/incoming/sendmail-8.7.5-8.7.6-diffs.gz It cleanly installs and compiles on my -stable sources (SUP'd 19th Sept 96), but *I've not been able to test it yet*. Caveat Emptor! >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199609191103.MAA14616>