Sendmail Update a Risk?

[Likeless]

I'm using the security scanning service from www.controlscan.com, and recently it started failing my box for this error:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1490

yum update sendmail gives me one package that is already installed, and I have tried to figure this out, in particular with reference to this thread:
https://www.centos.org/modules/newbb/viewtopic.php?forum=34&topic_id=3487&viewmode=threaded

But what I don't understand is that this advisory came up recently, and with no Sendmail patches for a while, I don't see how my yum installed version can be patched for this.

Is CentOS 4 safe from this issue? Is Controlscan just getting it wrong?

[AlanBartlett]

[quote]Is CentOS 4 safe from this issue? Is Controlscan just getting it wrong?[/quote]
You can answer the first question by looking at the change log for the [i]CentOS[/i] / [i]RHEL[/i] package.

To your second question, I will suggest that [i]probably[/i] is the correct answer. Most of these systems offer wrong "[i]advice[/i]", as they are naively constructed without an understanding of [url=http://www.redhat.com/security/updates/backporting/]upstream's policy of back-porting security fixes[/url] and just look at a package version number.

In general, I would advise that you keep your system fully up to date -- you should be using [i]CentOS 4.7[/i] at present. ([i]C 4.8[/i] is currently in the QA phase, if I am not mistaken.)