Contributed by jose on from the MTA-security dept.
UPDATE Todd Miller has posted an announcement to security-announce about this issue.
OpenBSD Journal
By Anonymous Coward () on
Note that this is the second revision of the patch that includes
an unrelated (and less critical) fix from Sendmail 8.12.10. That
fix is not included in OpenBSD 3.4 or the 3.4 snapshots as it
can only be triggered by non-standard rulesets.
By Anonymous Coward () on
I'm looking forward to seeing sendmail-9.
By Steph L () on
See http://www.sendmail.org/~ca/email/sm-9-rfh.html
People with time & knowledge can push ideas
and make it better ...
Sendmail 9 is likely to be as good as Postfix ...
By Juanjo () on
I do binary updates in order to *fix* all my OpenBSD systems.
$ DESTDIR=/tmp/fake/ make install does the trick (well, you need to create the needed directories in /tmp/fake or make install will fail).
After that I create a tgz from the fake contents and install it on the affected systems like a base set (tar xvfzp -.tgz from /).
It's about 20 minutes per binary update, but I wonder why OpenBSD does not release official binary updates together with the source patch, at least for maintained releases.
Since you need to apply source patches and recompile, it seems OpenBSD is not a good choice as a development system (if you keep in mind that other UNIX-likes can do the work with a simple apt-get update && apt-get upgrade or whatever).
By gustavo () on
mind. Hopefully we are testing systrace all around some servers and soon release something
to "public".
Stay tuned and take a look at it (systrace); every
comment is welcome.
P.S.: the idea behind systrace is another level of
help, not to advocate "instant security".
By Arrigo Triulzi () on http://www.alchemistowl.org/arrigo
The patch for 3.2 does not patch cleanly but the only reject is an
int maxatom;
which needs to be added at the beginning of function buildaddr() in parseaddr.c:1833.
The actual output from the patching is:
Patching file gnu/usr.sbin/sendmail/sendmail/parseaddr.c using Plan A...
Hunk #1 succeeded at 666 (offset -34 lines).
Hunk #2 succeeded at 1003 (offset -1 lines).
Hunk #3 failed at 1871.
Hunk #4 succeeded at 1852 (offset -35 lines).
Hunk #5 succeeded at 1910 (offset -17 lines).
Hunk #6 succeeded at 1918 (offset -35 lines).
Hunk #7 succeeded at 2037 (offset -21 lines).
Hunk #8 succeeded at 2054 (offset -35 lines).
1 out of 8 hunks failed--saving rejects to gnu/usr.sbin/sendmail/sendmail/parseaddr.c.rej
(notice the offsets).
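
An added example, not part of the original comment or of OpenBSD's tooling: a shell function that summarises patch(1) output in the format quoted above, so a security patch with a rejected hunk is caught before the tree is rebuilt. The function names and the summary line format are assumptions made for this example; the sample input is the output quoted in the comment.

```shell
#!/bin/sh
# Sample input: the patch(1) output quoted in the comment above.
sample_patch_log() {
cat <<'EOF'
Patching file gnu/usr.sbin/sendmail/sendmail/parseaddr.c using Plan A...
Hunk #1 succeeded at 666 (offset -34 lines).
Hunk #2 succeeded at 1003 (offset -1 lines).
Hunk #3 failed at 1871.
Hunk #4 succeeded at 1852 (offset -35 lines).
Hunk #5 succeeded at 1910 (offset -17 lines).
Hunk #6 succeeded at 1918 (offset -35 lines).
Hunk #7 succeeded at 2037 (offset -21 lines).
Hunk #8 succeeded at 2054 (offset -35 lines).
1 out of 8 hunks failed--saving rejects to gnu/usr.sbin/sendmail/sendmail/parseaddr.c.rej
EOF
}

# check_patch_log (hypothetical helper): reads patch output on stdin and
# prints one line per patched file:
#   OK|FAILED <file> failed_hunks=<list|none> max_offset=<lines>
# Exit status is 1 if any hunk failed, so a build script can stop there.
# Assumes the "Patching file ... / Hunk #N ..." wording shown above.
check_patch_log() {
    awk '
    $1 == "Patching" && $2 == "file" {
        file = $3
        if (!(file in seen)) { seen[file] = 1; order[++n] = file }
        next
    }
    $1 == "Hunk" && $3 == "failed" {
        # A rejected hunk means the fix is only partly applied.
        h = substr($2, 2)
        failed[file] = failed[file] (failed[file] != "" ? "," : "") h
        bad = 1
        next
    }
    $1 == "Hunk" && $3 == "succeeded" {
        # Large offsets mean the tree differs from the one the patch was cut for.
        for (i = 1; i < NF; i++) if ($i == "(offset") {
            off = $(i + 1) + 0
            if (off < 0) off = -off
            if (off > maxoff[file]) maxoff[file] = off
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            f = order[i]
            printf "%s %s failed_hunks=%s max_offset=%d\n", (failed[f] != "" ? "FAILED" : "OK"), f, (failed[f] != "" ? failed[f] : "none"), maxoff[f]
        }
        exit (bad ? 1 : 0)
    }'
}
```

To use it, pipe the output of the patch run into check_patch_log and rebuild only when it exits 0.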