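A new version of sendmail has been released. Since this is a security release, please install the new version from ftp://mirror.oops.org or
from the links below.
The release announcement from sendmail.org follows.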
-----------------------------------------------------------------------

Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.12.5. This version fixes a theoretical buffer overflow in a part of the code that is not used by any configuration shipped with sendmail. It affects the dns map if used with the type TXT and a compromised or rogue DNS server is queried. If you use a custom dns map definition to query DNS TXT records, e.g.,

Kdnstxt dns -R TXT

then you should upgrade to 8.12.5. Other changes are listed in the release notes below.
The version can be found at

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.Z
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.5.tar.sig

MD5 signatures:
f2543e253e1c035f99369ba4067bf87c sendmail.8.12.5.tar.gz
a27e1cd63bcaf4b9cc9351140d68587c sendmail.8.12.5.tar.Z
be3d9a832efc4308bc3d4262f7d464c1 sendmail.8.12.5.tar.sig

You only need one of the first two files (either the gzip'ed version or the compressed version). The .sig file contains the PGP signature of the tar file (after uncompressing it). The PGP signature was created using the Sendmail Signing Key/2002, available on the web site (http://www.sendmail.org/) or on the public key servers.

Since sendmail 8.11 and later includes hooks to cryptography, the following information from OpenSSL applies to sendmail as well.

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.

8.12.5/8.12.5 2002/06/25
    SECURITY: The DNS map can cause a buffer overflow if the user
        specifies a dns map using TXT records in the configuration
        file and a rogue DNS server is queried. None of the
        sendmail supplied configuration files use this option hence
        they are not vulnerable. Problem noted independently by
        Joost Pol of PINE Internet and Anton Rang of Sun Microsystems.
    Unprintable characters in responses from DNS servers for the DNS
        map type are changed to 'X' to avoid potential problems
        with rogue DNS servers.
    Require a suboption when setting the Milter option. Problem noted
        by Bryan Costales.
    Do not silently overwrite command line settings for
        DirectSubmissionModifiers. Problem noted by Bryan
        Costales.
    Prevent a segmentation fault when clearing the event list by
        turning off alarms before checking if event list is
        empty. Problem noted by Allan E Johannesen of Worcester
        Polytechnic Institute.
    Close a potential race condition in transitioning a memory buffered
        file onto disk. From Janani Devarajan of Sun Microsystems.
    Portability:
        Include paths.h on Linux systems running glibc 2.0 or later
            to get the definition for _PATH_SENDMAIL, used by
            rmail and vacation. Problem noted by Kevin
            A. McGrail of Peregrine Hardware.
        NOTE: Linux appears to have broken flock() again. Unless
            the bug is fixed before sendmail 8.13 is shipped,
            8.13 will change the default locking method to
            fcntl() for Linux kernel 2.4 and later. You may
            want to do this in 8.12 by compiling with
            -DHASFLOCK=0. Be sure to update other sendmail
            related programs to match locking techniques.

Related link: http://www.sendmail.org
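
An added example (not part of the sendmail.org announcement or of the original post): a Python check that scans a sendmail.cf for K lines declaring a dns map with -R TXT, the configuration the announcement describes as affected. The sample configuration is constructed; accepting the attached form -RTXT and matching the map class and record type case-insensitively are conservative assumptions.

```python
import re
import sys

# Constructed sample sendmail.cf fragment for illustration (not from a real host).
SAMPLE_CF = """\
# constructed sample
Kdnstxt dns -R TXT
Kdnsmx dns -R MX
Kbestmx bestmx -T<TEMP>
Kspf dns -RTXT -d5s -r2
#Kold dns -R TXT
Kaccess hash -T<TMPF> /etc/mail/access
"""

def parse_map_line(line):
    """Split a 'K<name> <class> <args>' declaration; None for any other line."""
    if not line.startswith("K"):          # comments (#) and other commands are skipped
        return None
    parts = line[1:].split(None, 2)
    if len(parts) < 2:
        return None
    return parts[0], parts[1], parts[2] if len(parts) > 2 else ""

def dns_record_type(args):
    """Return the value of the -R flag in upper case, or None if it is absent."""
    # Assumption: both '-R TXT' and the attached form '-RTXT' are treated as set.
    m = re.search(r"(?:^|\s)-R\s*([A-Za-z0-9]+)", args)
    return m.group(1).upper() if m else None

def find_txt_dns_maps(cf_text):
    """List (line number, map name) for every dns map that queries TXT records."""
    hits = []
    for lineno, line in enumerate(cf_text.splitlines(), 1):
        parsed = parse_map_line(line)
        if parsed is None:
            continue
        name, mapclass, args = parsed
        if mapclass.lower() == "dns" and dns_record_type(args) == "TXT":
            hits.append((lineno, name))
    return hits

if __name__ == "__main__":
    # Pass a path such as a sendmail.cf; with no argument the sample is scanned.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CF
    for lineno, name in find_txt_dns_maps(text):
        print(f"line {lineno}: dns map '{name}' uses TXT records; upgrade to 8.12.5")
```

An empty result means no custom dns map of type TXT was found in the scanned file; map definitions kept in .mc sources should be checked the same way.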
