Dear All, I noticed that sendmail rpms were updated by yum a day or so ago, however, how can I check if the versions installed are patched for the recently exposed exploit.... I guess that since I am running sendmail-8.13.1-3 (which appears to be the latest according to yum) and the articles describe 8.13.6 as having the fix that I may be vulnerable.... P.
Peter Farrow wrote:> Dear All, > > I noticed that sendmail rpms were updated by yum a day or so ago, > however, how can I check if the versions installed are patched for the > recently exposed exploit.... > > I guess that since I am running sendmail-8.13.1-3 (which appears to be > the latest according to yum) and the articles describe 8.13.6 as > having the fix that I may be vulnerable.... > > P. > > > > _______________________________________________ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > >http://lists.centos.org/pipermail/centos-announce/2006-March/001274.html and http://www.redhat.com/advice/speaks_backport.html Leonel
On Mon, 2006-03-27 at 11:34 -0700, Leonel Nunez wrote:> Peter Farrow wrote: > > Dear All, > > > > I noticed that sendmail rpms were updated by yum a day or so ago, > > however, how can I check if the versions installed are patched for the > > recently exposed exploit.... > > > > I guess that since I am running sendmail-8.13.1-3 (which appears to be > > the latest according to yum) and the articles describe 8.13.6 as > > having the fix that I may be vulnerable.... > > > > P. > > > > > > > > _______________________________________________ > > CentOS mailing list > > CentOS@centos.org > > http://lists.centos.org/mailman/listinfo/centos > > > > > > > http://lists.centos.org/pipermail/centos-announce/2006-March/001274.html > > and > > http://www.redhat.com/advice/speaks_backport.html---- those are rather passive options... rpm -q --changelog sendmail|less would be more specific to his question on his machine. Craig
On a side note the upstream updated Squirrelmail in Fedora but not RHEL after the recent security issues, anyone know why ? (Even Debian updated it)> Dear All, > > I noticed that sendmail rpms were updated by yum a day or so ago, > however, how can I check if the versions installed are patched for the > recently exposed exploit.... > > I guess that since I am running sendmail-8.13.1-3 (which appears to be > the latest according to yum) and the articles describe 8.13.6 as > having the fix that I may be vulnerable.... >
There is a vulnerability in Squirrel mail, don''t know why Fedora would be updated but not RHEL... http://www.sans.org/resources/malwarefaq/squirrelmail.php P. Tony Wicks wrote:> On a side note the upstream updated Squirrelmail in Fedora but not > RHEL after the recent security issues, anyone know why ? (Even Debian > updated it) >> Dear All, >> >> I noticed that sendmail rpms were updated by yum a day or so ago, >> however, how can I check if the versions installed are patched for >> the recently exposed exploit.... >> >> I guess that since I am running sendmail-8.13.1-3 (which appears to >> be the latest according to yum) and the articles describe 8.13.6 as >> having the fix that I may be vulnerable.... >> > > > _______________________________________________ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos >