HP3000-L Archives

March 2003, Week 4

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Sendmail and latest patch
From:
Mark Bixby <[log in to unmask]>
Reply To:
Mark Bixby <[log in to unmask]>
Date:
Mon, 24 Mar 2003 16:52:30 -0800
Content-Type:
text/plain
Parts/Attachments:
text/plain (31 lines) 
Karl Hancock wrote:
> Sendmail on Linux systems recently required a patch to eliminate a
> vulnerability.  Does the current version that ships with MPE/iX 7.0 pp2 need
> a patch?  Is there a method for installing patches under posix?

The following Sendmail patches just GR-ed for MPE a few hours ago (which means
they might not show up for download via the ITRC until tomorrow):

7.0 SMLHD03A
7.5 SMLHD04A

These patches fix the recent security problem described at
http://www.cert.org/advisories/CA-2003-07.html which on MPE manifests itself as
more of an annoying denial of service issue rather than a nasty execution of
arbitrary hacker code issue.

An HP Security Bulletin should be coming soon to announce the availability of
these patches.

These patches are for people running HP-supported Sendmail 8.12.1 A.01.00 on
MPE 7.0 and 7.5.  If you are running unsupported versions of sendmail on
earlier versions of MPE, manually extracting the SENDMAIL NMPRG from either of
these patches and then installing it in the appropriate place on your system
should work.
--
[log in to unmask]
Remainder of .sig suppressed to conserve expensive California electrons...

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2