I'm using the security scanning service from www.controlscan.com, and recently it started failing my box for this error:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1490
yum update sendmail gives me one package that is already installed, and I have tried to figure this out, in particular with reference to this thread:
https://www.centos.org/modules/newbb/viewtopic.php?forum=34&topic_id=3487&viewmode=threaded
But what I don't understand is that this advisory came up recently, and with no Sendmail patches for a while, I don't see how my yum installed version can be patched for this.
Is CentOS 4 safe from this issue? Is Controlscan just getting it wrong?
Sendmail Update a Risk?
- AlanBartlett
[quote]Is CentOS 4 safe from this issue? Is Controlscan just getting it wrong?[/quote]
You can answer the first question by looking at the change log for the [i]CentOS[/i] / [i]RHEL[/i] package.
To your second question, I will suggest that [i]probably[/i] is the correct answer. Most of these systems offer wrong "[i]advice[/i]", as they are naively constructed without an understanding of [url=http://www.redhat.com/security/updates/backporting/]upstream's policy of back-porting security fixes[/url] and just look at a package version number.
In general, I would advise that you keep your system fully up to date -- you should be using [i]CentOS 4.7[/i] at present. ([i]C 4.8[/i] is currently in the QA phase, if I am not mistaken.)
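The change-log check suggested in the reply above, as an added example that is not part of the original thread: a scanner that compares only version numbers cannot see a back-ported fix, but the package change log records it. The function names and the sample change log below are constructed for illustration; `rpm -q --changelog` is the real query.

```shell
#!/bin/bash
# Added example: locate the change-log entry that mentions a given CVE.

# Reads `rpm -q --changelog` style text on stdin and prints the header line
# of every entry that mentions the CVE. Exit status 0 if found, 1 if not.
cve_changelog_entries() {
    local cve="$1"
    awk -v cve="$cve" '
        # Entry header: "* Day Mon DD YYYY Packager <mail> - version-release"
        /^\* / { header = $0; next }
        # Match the exact id, so CVE-2009-149 does not match CVE-2009-1490.
        header != "" && $0 ~ (cve "([^0-9]|$)") {
            print header; header = ""; found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Same check against the installed package (needs rpm on the host).
# Usage: pkg_mentions_cve sendmail CVE-2009-1490
pkg_mentions_cve() {
    local pkg="$1" cve="$2"
    rpm -q --changelog "$pkg" | cve_changelog_entries "$cve"
}

# Constructed sample change log, NOT the real sendmail change log.
sample_changelog() {
cat <<'EOF'
* Tue Mar 03 2009 Example Packager <packager@example.com> - 1.2.3-4.el4
- backport fix for CVE-2009-1490 (constructed entry)

* Mon Jan 05 2009 Example Packager <packager@example.com> - 1.2.3-3.el4
- rebuild
EOF
}

# Offline demonstration on the constructed sample:
#   sample_changelog | cve_changelog_entries CVE-2009-1490
```

If an entry is printed, compare its version-release with the output of `rpm -q` for the package: an installed release at or above it carries the fix. No output means the change log does not mention the CVE, which by itself does not establish that the package is affected.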