Security 3月 23, 2006
(Last Updated On: 2006年3月23日)

OSVDBに1983年に登録されたとされる”SendmailのUnspecified Overflow“のエントリ他3つが更新されていたので、またSendmailにセキュリティホールかな?と思っていたら色々なディストリビューションからアドバイザリが出始めました。sendmailのホームページにもアドバイザリが記載されています。


# Sendmail 8.13.6 is available (2006-03-22); it contains a fix for a security problem discovered by Mark Dowd of ISS X-Force. Sendmail urges all users of sendmail 8 to upgrade to sendmail 8.13.6.
If you cannot upgrade to 8.13.6, then you can apply a patch to 8.13.5, or a patch for 8.12.11. Note: these patches do not apply cleanly to older versions; moreover, they may not even work properly due to other changes that have been made in the latest versions. Hence we strongly suggest all users of sendmail 8 to upgrade to sendmail 8.13.6.
For those not running the open source version, check with your vendor for a patch. If you use the commercial version from Sendmail, Inc. then please see their advisory.




投稿者: yohgaki