Dear All,
I noticed that sendmail rpms were updated by yum a day or so ago, however, how can I check if the versions installed are patched for the recently exposed exploit....
I guess that since I am running sendmail-8.13.1-3 (which appears to be the latest according to yum) and the articles describe 8.13.6 as having the fix that I may be vulnerable....
P.
Peter Farrow wrote:
Dear All,
I noticed that sendmail rpms were updated by yum a day or so ago, however, how can I check if the versions installed are patched for the recently exposed exploit....
I guess that since I am running sendmail-8.13.1-3 (which appears to be the latest according to yum) and the articles describe 8.13.6 as having the fix that I may be vulnerable....
P.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
http://lists.centos.org/pipermail/centos-announce/2006-March/001274.html
and
http://www.redhat.com/advice/speaks_backport.html
Leonel
On Mon, 2006-03-27 at 11:34 -0700, Leonel Nunez wrote:
Peter Farrow wrote:
Dear All,
I noticed that sendmail rpms were updated by yum a day or so ago, however, how can I check if the versions installed are patched for the recently exposed exploit....
I guess that since I am running sendmail-8.13.1-3 (which appears to be the latest according to yum) and the articles describe 8.13.6 as having the fix that I may be vulnerable....
P.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
http://lists.centos.org/pipermail/centos-announce/2006-March/001274.html
and
---- those are rather passive options...
rpm -q --changelog sendmail|less
would be more specific to his question on his machine.
Craig
On a side note the upstream updated Squirrelmail in Fedora but not RHEL after the recent security issues, anyone know why ? (Even Debian updated it)
Dear All,
I noticed that sendmail rpms were updated by yum a day or so ago, however, how can I check if the versions installed are patched for the recently exposed exploit....
I guess that since I am running sendmail-8.13.1-3 (which appears to be the latest according to yum) and the articles describe 8.13.6 as having the fix that I may be vulnerable....
There is a vulnerability in Squirrel mail, don't know why Fedora would be updated but not RHEL...
http://www.sans.org/resources/malwarefaq/squirrelmail.php
P.
Tony Wicks wrote:
On a side note the upstream updated Squirrelmail in Fedora but not RHEL after the recent security issues, anyone know why ? (Even Debian updated it)
Dear All,
I noticed that sendmail rpms were updated by yum a day or so ago, however, how can I check if the versions installed are patched for the recently exposed exploit....
I guess that since I am running sendmail-8.13.1-3 (which appears to be the latest according to yum) and the articles describe 8.13.6 as having the fix that I may be vulnerable....
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
Craig White -
Leonel Nunez -
Peter Farrow -
Tony Wicks