Hello all at 3000-l,

Karl Hancock sez:
--------------------------------------------------
Sendmail on Linux systems recently required a
patch to eliminate a vulnerability.  Does the
current version that ships with MPE/iX 7.0 pp2
need a patch?

Is there a method for installing patches under
posix?
--------------------------------------------------

Answers:

CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail

This is for the most part a non-issue on the HP-e3000 as stack
overflows cannot be exploited to execute arbitrary hacker code on MPE
and Sendmail process aborts on MPE are just a minor annoyance thus a
lost of service will not be detected by other users of the HP-e3000
Sendmail.

03/24/03 Sendmail patches 7.0 SMLHD03A and 7.5 SMLHD04A are moved to
General Release.  I checked the HP-ITRC and the Sendmail patches are
available to download.

Sendmail patches are installed with the normal MPE patch process,
PATCHIX or AUTOPAT.

Patch 7.0 SMLHD03 can not be installed unless Sendmail (patch SMLGDT8)
is already installed.  Patch SMLGDT8 and SMLHD03 can not be installed
in the same patch run.

Regards,

James Hofmeister
Hewlett Packard - Global Solutions Engineering (WTEC)
P.S. My Ideals are my own, not necessarily my employers.




________________________________________________________________
Sign Up for Juno Platinum Internet Access Today
Only $9.95 per month!
Visit www.juno.com

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *