RHN Errata Alert: Updated Sendmail packages fix vulnerabilit



Red Hat Network has determined that the following advisory is applicable to
one or more of the systems you have registered:

Complete information about this errata can be found at the following location:

Security Advisory - RHSA-2003:283-09
Updated Sendmail packages fix vulnerability.

Updated Sendmail packages that fix a potentially-exploitable vulnerability
are now available.

Sendmail is a widely used Mail Transport Agent (MTA) and is included in all
Red Hat Linux distributions.

Michal Zalewski found a bug in the prescan() function of unpatched Sendmail
versions prior to 8.12.10. The sucessful exploitation of this bug can lead
to heap and stack structure overflows. Although no exploit currently
exists, this issue is locally exploitable and may also be remotely
exploitable. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0694 to this issue.

Additionally, for Red Hat Linux 8.0 and 9 we have included a fix for a
potential buffer overflow in ruleset parsing. This problem is not
exploitable in the default sendmail configuration; it is exploitable only
if non-standard rulesets recipient (2), final (4), or mailer-specific
envelope recipients rulesets are used. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0681 to
this issue.

All users are advised to update to these erratum packages containing a
backported patch which corrects these vulnerabilities.