author | tv <tv> | 2006-03-22 21:19:06 +0000 |
---|---|---|
committer | tv <tv> | 2006-03-22 21:19:06 +0000 |
commit | c8b538cd4c77e22e696fd53820a833d726c56cd5 (patch) | |
tree | d7b3690a614b9eae95edb04373d86e39fbc56268 /net | |
parent | 2d6f76185795d47a41f7540c46543c12ffe9010c (diff) | |
download | pkgsrc-c8b538cd4c77e22e696fd53820a833d726c56cd5.tar.gz |
Update sendmail (with vendor patch) to address the current security issue:
http://www.kb.cert.org/vuls/id/834865
Bump to nb2.
This will change the internal version of sendmail to 8.12.11.20060308.
> SECURITY: Replace unsafe use of setjmp(3)/longjmp(3) in the server
> and client side of sendmail with timeouts in the libsm I/O
> layer and fix problems in that code. Also fix handling of
> a buffer in sm_syslog() which could have been used as an
> attack vector to exploit the unsafe handling of
> setjmp(3)/longjmp(3) in combination with signals.
> Problem detected by Mark Dowd of ISS X-Force.
> Handle theoretical integer overflows that could be triggered if
> the server accepted headers larger than the maximum
> (signed) integer value. This is prevented in the default
> configuration by restricting the size of a header, and on
> most machines memory allocations would fail before reaching
> those values. Problems found by Phil Brass of ISS.
Diffstat (limited to 'net')
0 files changed, 0 insertions, 0 deletions
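
The vendor note quoted above moves timeouts out of setjmp(3)/longjmp(3) and into the I/O layer. As an added illustration (not sendmail's libsm code and not part of this commit), here is a deadline-bounded read built on poll(2); `timed_read`, `now_ms` and `IO_TIMEOUT` are names made up for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

#define IO_TIMEOUT (-2L)  /* hypothetical return code for this example */

static long now_ms(void)  /* monotonic clock, unaffected by date changes */
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (long)ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Read up to len bytes from fd, waiting at most timeout_ms.
 * Returns bytes read (0 = EOF), IO_TIMEOUT on expiry, -1 on error.
 * poll() enforces the deadline, so no signal handler has to longjmp()
 * out of code that may hold half-updated state. */
long timed_read(int fd, void *buf, size_t len, int timeout_ms)
{
    long deadline = now_ms() + timeout_ms;

    for (;;) {
        long left = deadline - now_ms();
        if (left <= 0)
            return IO_TIMEOUT;
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int rc = poll(&p, 1, (int)left);
        if (rc == 0)
            return IO_TIMEOUT;
        if (rc < 0 && errno != EINTR)
            return -1;
        if (rc < 0)
            continue;          /* interrupted by a signal: retry with time left */
        ssize_t n = read(fd, buf, len);
        if (n < 0 && (errno == EINTR || errno == EAGAIN))
            continue;
        return (long)n;
    }
}

int main(void)
{
    char buf[64];             /* waits up to 2 s for input on stdin */
    long n = timed_read(STDIN_FILENO, buf, sizeof buf, 2000);
    printf("timed_read returned %ld\n", n);
    return 0;
}
```

Because the timeout is reported through the return value, the caller unwinds through normal control flow and a signal arriving mid-read only causes a retry with the remaining time.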