[CentOS-mirror] Sendmail

Wed Mar 22 20:21:26 UTC 2006
Tony Wicks <tonyw at prophecy.net.nz>

Here is another question, would installing the official Redhat packages 
on a CentOS machine ? I'm thinking it shouldn't be an issue.

Tony Wicks wrote:
> HI guys, If the rpm for this could be produced as soon as humanly 
> possible it would be appreciates ! thanks guys -
> 
> Synopsis
> Critical: sendmail security update
> 
> Issued:     3/22/06
> Updated:     3/22/06
> Topic
> Updated sendmail packages to fix a security issue are now available for Red
> Hat Enterprise Linux 3 and 4.
> 
> This update has been rated as having critical security impact by the Red
> Hat Security Response Team.
> Description
> Sendmail is a Mail Transport Agent (MTA) used to send mail between 
> machines.
> 
> A flaw in the handling of asynchronous signals was discovered in Sendmail.
> A remote attacker may be able to exploit a race condition to execute
> arbitrary code as root. The Common Vulnerabilities and Exposures project
> assigned the name CVE-2006-0058 to this issue.
> 
> By default on Red Hat Enterprise Linux 3 and 4, Sendmail is configured to
> only accept connections from the local host. Therefore, only users who have
> configured Sendmail to listen to remote hosts would be able to be remotely
> exploited by this vulnerability.
> 
> Users of Sendmail are advised to upgrade to these erratum packages, which
> contain a backported patch from the Sendmail team to correct this issue.
> Solution
> Before applying this update, make sure all previously released errata
> relevant to your system have been applied.
> 
> This update is available via Red Hat Network. To use Red Hat Network,
> launch the Red Hat Update Agent with the following command:
> 
> up2date
> 
> This will start an interactive process that will result in the appropriate
> RPMs being upgraded on your system.
> Affected Channels
> Red Hat Enterprise Linux ES (v. 3 for AMD64/Intel EM64T)
> Red Hat Enterprise Linux ES (v. 3 for Itanium)
> Red Hat Enterprise Linux ES (v. 3 for x86)
> Red Hat Enterprise Linux ES (v. 4 for 32-bit x86)
> Red Hat Enterprise Linux ES (v. 4 for 64-bit Intel Itanium)
> Red Hat Enterprise Linux ES (v. 4 for AMD64/Intel EM64T)
> 
> 
> _______________________________________________
> CentOS-mirror mailing list
> CentOS-mirror at centos.org
> http://lists.centos.org/mailman/listinfo/centos-mirror