From: Andrew McNaughton
To: freebsd-security@freebsd.org
Date: Thu, 18 Sep 2003 16:17:07 +1200 (NZST)
Subject: Re: Sendmail vulnerability

I've been using sendmail from ports for some time. I just upgraded to sendmail 8.12.10 by changing the version number in the makefile, then doing `make makesum build deinstall reinstall`.

Everything built cleanly, started up ok, accepted a delivery and generally looks ok so far an outgoiand looks ok so far.

Andrew

On Wed, 17 Sep 2003, Mike Tancsa wrote:

> Date: Wed, 17 Sep 2003 13:46:14 -0400
> From: Mike Tancsa
> To: Jacques A. Vidrine, freebsd-security@freebsd.org
> Cc: gshapiro@freebsd.org
> Subject: Re: Sendmail vulnerability
>
> Looks like they have released http://www.sendmail.org/8.12.10.html
>
> Are there plans to import/mfc this into stable? No doubt a busy day for
> the Sendmail folk as well :-(
>
> ---Mike
>
> At 12:21 PM 17/09/2003, Jacques A. Vidrine wrote:
> >You've probably already seen the latest sendmail vulnerability.
> >
> >http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html
> >
> >I believe you can apply the following patch to any of the security
> >branches:
> >
> >http://cvsweb.freebsd.org/src/contrib/sendmail/src/parseaddr.c.diff?r1=1.1.1.17&r2=1.1.1.18
> >
> >Download the patch and:
> >
> >  # cd /usr/src
> >  # patch -p1 < /path/to/patch
> >  # cd /usr/src/usr.sbin/sendmail
> >  # make obj && make depend && make && make install
> >
> >Official advisory will go out later today.
> >
> >Cheers,
> >--
> >Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
> >nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
> >_______________________________________________
> >freebsd-security@freebsd.org mailing list
> >http://lists.freebsd.org/mailman/listinfo/freebsd-security
> >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

--

No added Sugar. Not tested on animals. May contain traces of Nuts. If
irritation occurs, discontinue use.

-------------------------------------------------------------------
Andrew McNaughton           Currently in Boomer Bay, Tasmania
andrew@scoop.co.nz          Mobile: +61 422 753 792
http://staff.scoop.co.nz/andrew/cv.doc
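
Added example, not part of the thread: a POSIX shell check that reads the output of `sendmail -d0.1 -bv root` and reports whether the binary is at least 8.12.10, the release mentioned above. The function names and the sample output are constructed for illustration; a base-system sendmail rebuilt with only the parseaddr.c patch still prints its old version, so a "review" result means the host has to be confirmed by hand.

```shell
#!/bin/sh
# Added example (not from the thread). FIXED is the release named in the thread.
FIXED=8.12.10

# Extract the first "Version X.Y.Z" value from sendmail debug output on stdin.
sendmail_version() {
    sed -n 's/^Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if dotted version $1 >= $2. Fields are compared numerically,
# so 8.12.10 sorts after 8.12.9 (a plain string comparison gets this wrong).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "$a" = "$fa" ] && a= || a=${a#*.}
        [ "$b" = "$fb" ] && b= || b=${b#*.}
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# Classify a host from its debug output on stdin: ok / review / unknown.
check_sendmail() {
    v=$(sendmail_version)
    if [ -z "$v" ]; then echo "unknown"; return 2; fi
    if version_ge "$v" "$FIXED"; then
        echo "ok $v"
    else
        echo "review $v"   # older version string: patched by hand, or still exposed
        return 1
    fi
}

# Constructed sample of what an un-upgraded host might print.
sample_output() {
    cat <<'EOF'
Version 8.12.9
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8
EOF
}

# On a real host: sendmail -d0.1 -bv root 2>/dev/null | check_sendmail
sample_output | check_sendmail || true
```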