From aliz@gentoo.org Mon Mar 31 20:24:54 2003 From: Daniel Ahlberg To: bugtraq@securityfocus.com Date: Mon, 31 Mar 2003 11:13:58 +0200 Subject: GLSA: sendmail (200303-27) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200303-27 - - --------------------------------------------------------------------- PACKAGE : sendmail SUMMARY : buffer overflow DATE : 2003-03-31 09:13 UTC EXPLOIT : remote VERSIONS AFFECTED : <8.12.9 FIXED VERSION : >=8.12.9 CVE : CAN-2003-0161 - - --------------------------------------------------------------------- - From advisory: "There is a vulnerability in sendmail that can be exploited to cause a denial-of-service condition and could allow a remote attacker to execute arbitrary code with the privileges of the sendmail daemon, typically root." Read the full advisory at http://www.cert.org/advisories/CA-2003-12.html SOLUTION It is recommended that all Gentoo Linux users who are running net-mail/sendmail upgrade to sendmail-8.12.9 as follows: emerge sync emerge sendmail emerge clean - - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz avenj@gentoo.org - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+iAbNfT7nyhUpoZMRAuQWAJ9DKi8B6JxgHVyxRLZfM1e5N0YyNQCgqM7Y NwuiPB4hihTbTLAXIKg9/J8= =RiMh -----END PGP SIGNATURE-----