[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVS: cvs.openbsd.org: src



CVSROOT:	/cvs
Module name:	src
Changes by:	miod_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org	2001/05/30 18:29:30

Modified files:
	gnu/usr.sbin/sendmail/libsmutil: Tag: OPENBSD_2_8 lockfile.c 
	                                 safefile.c snprintf.c strl.c 

Log message:
Pull in patch from current:
Errata(028):
The signal handlers in sendmail contain code that is unsafe in the
context of a signal handler.  This leads to potentially serious race
conditions.  At the moment this is a theoretical attack only and can
only be exploited on the local host (if at all).
Fix(millert):
Update to sendmail 8.11.4:
8.11.4 revamps signal handling within the MTA in order to reduce
the likelihood of a race condition that can lead to heap
corruption as described in Michal Zalewski's advisory.  The
problems discussed in the advisory are not currently known to
be exploitable but we recommend upgrading to 8.11.4 in case a
method is found to exploit the signal handling race condition.
8.11.4 also fixes other bugs found since the release of 8.11.3.

See the RELEASE_NOTES file for more details.