Sendmail Update

Support for security such as Firewalls and securing linux
Post Reply
markvr
Posts: 1
Joined: 2006/03/27 08:46:00

Sendmail Update

Post by markvr » 2006/03/27 08:53:19

There is a security update for Sendmail (see http://www.sendmail.org/8.13.6.html).

What is the best way to update this? yum update sendmail doesn't find any updates. I tried adding in the Fedora Core repo's which include the update but they throw up loads of dependency issues.

I can build it from the source, but have a lot of boxes to install it on and don't want to have to do this for each and every one.

Is there a suggested way to do this?

Cheers!
Mark

jowa
Posts: 75
Joined: 2005/07/10 14:42:39

Sendmail Update

Post by jowa » 2006/03/27 12:13:39

Only a few days ago, there was an update to sendmail in RHEL4/CentOS 4 addressing that issue. See [url=https://rhn.redhat.com/errata/RHSA-2006-0264.html]RHSA-2006:0264-8[/url]

The updated sendmail package is [b]sendmail-8.13.1-3.RHEL4.3[/b] and might be on your machines already.
Don't be fooled by the fact that it says version "8.13" - there are lots of security fixes from later sendmail versions [i]backported[/i] to it. The same thing goes for most other RHEL/CentOS packages - things get backported. Therefore, a CentOS "8.13" sendmail is not equivalent to a clean 8.13 from the sendmail project itself.


Check it with
[code]rpm -q sendmail[/code]

The suggested (ie the normal) method of ensuring you have an updated system is either
[code]yum -y update[/code]which will update everything that needs updating or
[code]yum -y update sendmail[/code]which you have already tried. Seeing as how that didn't do anything, it's likely you already have the patched sendmail package. (Which, again, is [b]sendmail-8.13.1-3.RHEL4.3[/b])

[b][u]Words of advice[/u][/b]
Do NOT EVER add any Fedora Core repositories to your CentOS machines. That's a surefire recipe for troubles...

Keep your CentOS machines' yum configs as they are and stay on top of security advisories by reading the [url=http://lists.centos.org/mailman/listinfo/centos-announce]CentOS Announce[/url] mailing list.

Post Reply

Return to “CentOS 4 - Security Support”