[CentOS] Re: Sendmail Segfaults
dts at senie.com
Tue Sep 19 19:41:12 UTC 2006
At 07:44 PM 9/18/2006, Scott Silva wrote:
>Alexander Dalloz spake the following on 9/18/2006 4:14 PM:
> > Scott Silva schrieb:
> >> Has anybody else been seeing a lot of sendmail segfaults since Yesterday?
> >> I got over 2300 yesterday alone, and haven't got done counting todays.
> > You are maybe target of an attack using a known vulnerability of
> > Sendmail < 8.13.8.
> > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4434
> > Alexander
>Is there a good repo with a newer sendmail than in CentOS 4.4?
Note that RedHat has been back-porting patches into sendmail 8.12.x
rather than supplying 8.13.x as a bug fix. As a result, the patched
8.12.x might not be vulnerable to issues despite CVE statements that
all versions before X are vulnerable. That said, I haven't looked to
see if RedHat has indeed patched up sendmail to deal with this
This also points out one of my concerns with the RHEL distribution
(we have lots of copies we pay RH for, and a few we use CentOS for).
For some packages, we'd REALLY like a choice of staying on the
present train, or moving forward. In our case, sendmail-8.13 would be
useful, and php-5.x would be useful. If there were the possibility of
getting those -- including bug fixes for security updates via normal
patch installation methods -- we would be much happier.
More information about the CentOS