similar to: FreeBSD Security Advisory FreeBSD-SA-03:07.sendmail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:07.sendmail Security Advisory The FreeBSD Project Topic: a second sendmail header parsing buffer overflow Category: contrib Module:

From bugtraq :-( >-----BEGIN PGP SIGNED MESSAGE----- > >Sendmail, Inc., and the Sendmail Consortium announce the availability >of sendmail 8.12.9. It contains a fix for a critical security >problem discovered by Michal Zalewski whom we thank for bringing >this problem to our attention. Sendmail urges all users to either >upgrade to sendmail 8.12.9 or apply a patch for

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:13.sendmail Security Advisory The FreeBSD Project Topic: a third sendmail header parsing buffer overflow Category: contrib Module:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:13.sendmail Security Advisory The FreeBSD Project Topic: a third sendmail header parsing buffer overflow Category: contrib Module:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:13.sendmail Security Advisory The FreeBSD Project Topic: Race condition in sendmail Category: contrib Module: contrib_sendmail Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:17.sendmail Security Advisory The FreeBSD Project Topic: Incorrect multipart message handling in Sendmail Category: contrib Module:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:17.sendmail Security Advisory The FreeBSD Project Topic: Incorrect multipart message handling in Sendmail Category: contrib Module:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:07.bind Security Advisory The FreeBSD Project Topic: Predictable query ids in named(8) Category: contrib Module: bind Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:07.bind Security Advisory The FreeBSD Project Topic: Predictable query ids in named(8) Category: contrib Module: bind Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:20.bind Security Advisory The FreeBSD Project Topic: Denial of Service in named(8) Category: contrib Module: bind Announced: 2006-09-06

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:14.bzip2 Security Advisory The FreeBSD Project Topic: bzip2 denial of service and permission race vulnerabilities Category: contrib Module:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:14.bzip2 Security Advisory The FreeBSD Project Topic: bzip2 denial of service and permission race vulnerabilities Category: contrib Module:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:20.bind Security Advisory The FreeBSD Project Topic: Denial of Service in named(8) Category: contrib Module: bind Announced: 2006-09-06

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:23.openssl Security Advisory The FreeBSD Project Topic: Multiple problems in crypto(3) Category: contrib Module: openssl Announced:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:23.openssl Security Advisory The FreeBSD Project Topic: Multiple problems in crypto(3) Category: contrib Module: openssl Announced:

More patch-o-rama :-( ---Mike >From: Michal Zalewski <lcamtuf@dione.ids.pl> >To: bugtraq@securityfocus.com, <vulnwatch@securityfocus.com>, > <full-disclosure@netsys.com> >X-Nmymbofr: Nir Orb Buk >Subject: [Full-Disclosure] Sendmail 8.12.9 prescan bug (a new one) >[CAN-2003-0694] >Sender: full-disclosure-admin@lists.netsys.com >X-BeenThere:

A few weeks back I upgraded my mail server to -STABLE from a 4.2-STABLE incarnation that had been running for years. Part of recompiling everything on the box involved disassociating my use of the sendmail port I was using and to use the base sendmail in -STABLE. -STABLE builds with libmilter, so I simply recompiled one of my milter clients with the milter headers, objs, etc that were produced

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:02.bind Security Advisory The FreeBSD Project Topic: Multiple Denial of Service vulnerabilities in named(8) Category: contrib Module: bind

You've probably already seen the latest sendmail vulnerability. http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html I believe you can apply the following patch to any of the security branches: http://cvsweb.freebsd.org/src/contrib/sendmail/src/parseaddr.c.diff?r1=1.1.1.17&r2=1.1.1.18 Download the patch and: # cd /usr/src # patch -p1 < /path/to/patch #

You've probably already seen the latest sendmail vulnerability. http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html I believe you can apply the following patch to any of the security branches: http://cvsweb.freebsd.org/src/contrib/sendmail/src/parseaddr.c.diff?r1=1.1.1.17&r2=1.1.1.18 Download the patch and: # cd /usr/src # patch -p1 < /path/to/patch #