Sendmail Update a Risk?

Support for security such as Firewalls and securing linux
Post Reply
Posts: 12
Joined: 2008/04/17 21:11:54

Sendmail Update a Risk?

Post by Likeless » 2009/06/15 19:39:31

I'm using the security scanning service from, and recently it started failing my box for this error:

yum update sendmail gives me one package that is already installed, and I have tried to figure this out, in particular with reference to this thread:

But what I don't understand is that this advisory came up recently, and with no Sendmail patches for a while, I don't see how my yum installed version can be patched for this.

Is CentOS 4 safe from this issue? Is Controlscan just getting it wrong?

User avatar
Forum Moderator
Posts: 9326
Joined: 2007/10/22 11:30:09
Location: ~/Earth/UK/England/Suffolk

Sendmail Update a Risk?

Post by AlanBartlett » 2009/06/16 13:39:16

[quote]Is CentOS 4 safe from this issue? Is Controlscan just getting it wrong?[/quote]
You can answer the first question by looking at the change log for the [i]CentOS[/i] / [i]RHEL[/i] package.

To your second question, I will suggest that [i]probably[/i] is the correct answer. Most of these systems offer wrong "[i]advice[/i]", as they are naively constructed without an understanding of [url=]upstream's policy of back-porting security fixes[/url] and just look at a package version number.

In general, I would advise that you keep your system fully up to date -- you should be using [i]CentOS 4.7[/i] at present. ([i]C 4.8[/i] is currently in the QA phase, if I am not mistaken.)

Post Reply

Return to “CentOS 4 - Security Support”