-----BEGIN PGP SIGNED MESSAGE-----
Subject: Caldera Security Advisory SA-1997.10: Security updates to sendmail
Caldera Security Advisory SA-1997.10
Original report date: 14-Jun-1997
RPM build date: 16-Jun-1997
Original issue date: 22-Jul-1997
Last revised: 22-Jul-1997
Topic: Security updates to sendmail

I. Problem Description

Sendmail 8.8.6 has been released. This version contains many
bug fixes (and no new features). A few of these fixes are
security related, although most of these are specific to unusual
circumstances (e.g., obsolete versions of HP-UX that didn't
implement the O_EXCL open bit properly, or problems resulting from
systems that put database maps into world writable directories).
Complete RELEASE_NOTES for this release are included in the source
RPM.

II. Impact

The list of changes in this release is long. As mentioned above,
most are not security related. But those that are security related
are documented in the lengthy RELEASE_NOTES file that can be found
in the source RPM.

III. Solution

Install the new sendmail 8.8.6 packages, as described below.
These packages are located on Caldera's FTP server (ftp.caldera.com):
ftp://ftp.caldera.com/pub/openlinux/updates/1.1/current/
The MD5 checksums (from the "md5sum" command) for these packages are:
0360c84a4e69ac78f8512659c2012441 RPMS/sendmail-8.8.6-1.i386.rpm
d73d10ed515a39f8218af6c9599313a5 RPMS/sendmail-cf-8.8.6-1.i386.rpm
a6b771657f9e7203f9217ab84cce4007 RPMS/sendmail-doc-8.8.6-1.i386.rpm
e6b89f61566ef69b3d3ccfaa9a0b7bff SRPMS/sendmail-8.8.6-1.src.rpm
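
Added example (not part of the original advisory or Caldera's own tooling): one way to check the downloaded packages against the checksum list above before installing anything. The function names and the download directory layout are assumptions, and the list is only as trustworthy as the signed advisory it is copied from.

```shell
#!/bin/sh
# Added example, not part of the Caldera advisory. Assumes md5sum(1) is
# installed and the packages were downloaded into DIR/RPMS and DIR/SRPMS.

# Checksum list as published in section III of the advisory.
advisory_md5_list() {
    cat <<'EOF'
0360c84a4e69ac78f8512659c2012441 RPMS/sendmail-8.8.6-1.i386.rpm
d73d10ed515a39f8218af6c9599313a5 RPMS/sendmail-cf-8.8.6-1.i386.rpm
a6b771657f9e7203f9217ab84cce4007 RPMS/sendmail-doc-8.8.6-1.i386.rpm
e6b89f61566ef69b3d3ccfaa9a0b7bff SRPMS/sendmail-8.8.6-1.src.rpm
EOF
}

# verify_md5_list DIR
# Reads "md5 path" lines on stdin (any amount of whitespace between the two
# fields) and checks each file under DIR. Returns 0 only if every listed
# file exists and matches; a missing file counts as a failure.
verify_md5_list() {
    dir=$1
    rc=0
    while read -r want path; do
        [ -n "$want" ] || continue      # skip blank lines
        path=${path#\*}                 # drop md5sum's binary-mode marker
        if [ ! -f "$dir/$path" ]; then
            echo "MISSING  $path" >&2
            rc=1
            continue
        fi
        got=$(md5sum < "$dir/$path" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (got $got, want $want)" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Typical use, run before "/etc/rc.d/init.d/mta stop":
#   advisory_md5_list | verify_md5_list /path/to/download || exit 1
```
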
Please follow these instructions precisely to update any older
version of sendmail that may be on your system:

    /etc/rc.d/init.d/mta stop
    rpm -q sendmail-doc && rpm -U RPMS/sendmail-doc-8.8.6-1.i386.rpm
    rpm -q sendmail-cf && rpm -U RPMS/sendmail-cf-8.8.6-1.i386.rpm
    rpm -e sendmail && rpm -i RPMS/sendmail-8.8.6-1.i386.rpm
    [ -e /etc/sendmail.cf.rpmsave ] && echo "configuration changed..."
    /etc/rc.d/init.d/mta start

Note: One must perform the updates in the order shown above to avoid
having rpms conflict during the upgrade.

Note: The warning message
"cannot remove /usr/share/sendmail - directory not empty"
during installation of sendmail-cf can be safely ignored.

Note: /etc/sendmail.cf has changed quite a bit -- overwriting it with
a potential /etc/sendmail.cf.rpmsave is NOT a viable option! Previous
changes have to be re-applied (preferably with m4 and .mc files).

IV. References / Credits

This and other Caldera security resources are located at:
http://www.caldera.com/tech-ref/security/
This advisory is based on the sendmail upgrade announced to the
BUGTRAQ email list by Eric Allman - message id:
<199706142156.OAA18269@knecht.Oxford.Reference.COM>
See also the Sendmail Home Page:
http://www.sendmail.org/
Sendmail has a Usenet newsgroup: comp.mail.sendmail.
This advisory closes Caldera's internal bug report #804.
$Id: SA-1997.10,v 1.2 1997/07/23 02:12:09 ron Exp $
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
-----END PGP SIGNATURE-----