Page 1 of 1
Posted: 2006/03/27 08:53:19
There is a security update for Sendmail (see http://www.sendmail.org/8.13.6.html).
What is the best way to update this? yum update sendmail doesn't find any updates. I tried adding in the Fedora Core repo's which include the update but they throw up loads of dependency issues.
I can build it from the source, but have a lot of boxes to install it on and don't want to have to do this for each and every one.
Is there a suggested way to do this?
Posted: 2006/03/27 12:13:39
Only a few days ago, there was an update to sendmail in RHEL4/CentOS 4 addressing that issue. See [url=https://rhn.redhat.com/errata/RHSA-2006-0264.html]RHSA-2006:0264-8[/url]
The updated sendmail package is [b]sendmail-8.13.1-3.RHEL4.3[/b] and might be on your machines already.
Don't be fooled by the fact that it says version "8.13" - there are lots of security fixes from later sendmail versions [i]backported[/i] to it. The same thing goes for most other RHEL/CentOS packages - things get backported. Therefore, a CentOS "8.13" sendmail is not equivalent to a clean 8.13 from the sendmail project itself.
Check it with
[code]rpm -q sendmail[/code]
The suggested (ie the normal) method of ensuring you have an updated system is either
[code]yum -y update[/code]which will update everything that needs updating or
[code]yum -y update sendmail[/code]which you have already tried. Seeing as how that didn't do anything, it's likely you already have the patched sendmail package. (Which, again, is [b]sendmail-8.13.1-3.RHEL4.3[/b])
[b][u]Words of advice[/u][/b]
Do NOT EVER add any Fedora Core repositories to your CentOS machines. That's a surefire recipe for troubles...
Keep your CentOS machines' yum configs as they are and stay on top of security advisories by reading the [url=http://lists.centos.org/mailman/listinfo/centos-announce]CentOS Announce[/url] mailing list.