From owner-freebsd-bugs Thu Sep 19 04:10:09 1996
Return-Path: owner-bugs
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id EAA24609 for bugs-outgoing; Thu, 19 Sep 1996 04:10:09 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id EAA24577; Thu, 19 Sep 1996 04:10:03 -0700 (PDT)
Resent-Date: Thu, 19 Sep 1996 04:10:03 -0700 (PDT)
Resent-Message-Id: <199609191110.EAA24577@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, jez@netcraft.co.uk (Jeremy Prior)
Received: from ns0.netcraft.co.uk (ns0.netcraft.co.uk [194.72.238.4]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id EAA24144 for ; Thu, 19 Sep 1996 04:08:46 -0700 (PDT)
Received: (from jez@localhost) by ns0.netcraft.co.uk (8.7.5/8.6.9) id MAA14616; Thu, 19 Sep 1996 12:03:53 +0100 (BST)
Message-Id: <199609191103.MAA14616@ns0.netcraft.co.uk>
Date: Thu, 19 Sep 1996 12:03:53 +0100 (BST)
From: jez@netcraft.co.uk (Jeremy Prior)
Reply-To: jez@netcraft.co.uk (Jeremy Prior)
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/1647: sendmail-8.7.6 security fix
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>Number: 1647
>Category: bin
>Synopsis: sendmail 8.7.6 fixes vulnerabilities in CERT CA-96.20
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Sep 19 04:10:02 PDT 1996
>Last-Modified:
>Originator: Jeremy Prior
>Organization: Netcraft Ltd
>Release: FreeBSD 2.1-STABLE i386
>Environment:

Both -stable and -current are running sendmail 8.7.5

>Description:

CERT have just released an advisory (CA-96.20) detailing two vulnerabilities in *all* versions of sendmail up to and including sendmail 8.7.5 - the version used by both FreeBSD-stable and FreeBSD-current.

>How-To-Repeat:

See ftp://info.cert.org/pub/cert_advisories/CA-96.20.sendmail_vul

>Fix:

I've uploaded a (hopefully) minimal set of diffs to take our sendmail from 8.7.5 -> 8.7.6. The file is:

ftp://freefall.FreeBSD.org/incoming/sendmail-8.7.5-8.7.6-diffs.gz

It cleanly installs and compiles on my -stable sources (SUP'd 19th Sept 96), but *I've not been able to test it yet*. Caveat Emptor!

>Audit-Trail:
>Unformatted: