|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Does the patching procedure work?
From: Brett Glass (brett
lariat.org)
Date: Wed Mar 05 2003 - 13:17:25 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
At 12:09 PM 3/5/2003, Jacques A. Vidrine wrote:
>If this machine had been kept up-to-date (i.e. was 4.5-RELEASE-p22 or
>more recent, or had the previous sendmail bug patched), then the patch
>would probably have worked out.
It did have periodic patches as needed.
>Lucky? Hrmpf, a system administrator has to be careful.
Call it what you will. I suspect that it has slipped by others.
>> What I have done on that machine is install the 4.6 binary,
>> which seems to run just fine on 4.5 and even 4.4 (though
>> you may need to add the misssing group).
>
>Cool.
You may want to mention this in the advisory.
>> Patches should be provided back to 4.4, IMHO.
>
>Um, in this case, they were provided all the way back to 3.x.
Nope. The revised advisory published to -announce provided only one patch, at
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch
and it failed to apply completely. No other patch was offered. There
were replacement binaries for 5.0, 4.7, and 4.6, which does not go back
a full year.
There really should be support for each release for a year.
--Brett
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]