Contributed by jose from the this-really-sucks! dept.
"Look at http://www.sendmail.org/patchps.html"

Todd Miller just sent out an announcement describing how this is fixed in 3.3, -current (which is now post 3.3), and the stable trees for 3.2 and 3.1. Patch 014 for 3.2-stable, patch 027 for 3.1-stable, and it's fixed in OpenBSD-current (and OpenBSD 3.3) by updating to Sendmail 8.12.9. From Todd's advisory:
"The sendmail in OpenBSD-current (and OpenBSD 3.3) has been updated to version 8.12.9 which includes a fix for this problem. The 3.1 and 3.2 -stable branches have had a patch applied that fixes the buffer overflow. However, because the -stable branches have the specific vulnerability patched (as opposed to the full 8.12.9 distribution), sendmail on -stable will report the old sendmail version."

Many thanks to Todd Miller, Miod, and Brad for information.