Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Five Mandrake Linux Security Update Advisories: fetchmail, xli, WindowMaker, sendmail, xinetd

Sep 02, 2001, 06:59 (0 Talkback[s])
Date: Fri, 31 Aug 2001 15:04:11 -0600
From: Linux Mandrake Security Team <security@linux-mandrake.com>
Subject: MDKSA-2001:072 - fetchmail update

______________________________________________________________________

                Mandrake Linux Security Update Advisory
______________________________________________________________________

Package name:           fetchmail
Date:                   August 31st, 2001
Advisory ID:            MDKSA-2001:072

Affected versions:      7.1, 7.2, 8.0, Corporate Server 1.0.1
______________________________________________________________________

Problem Description:

 A vulnerability was found by Salvatore Sanfilippo in both the IMAP and 
 POP3 code of fetchmail where the input is not verified and no bounds 
 checking is done.  This can be exploited by a remote attacker to write
 arbitrary data into memory.  The attacker must have control of the mail
 server the client is connecting to via fetchmail in order to exploit
 this vulnerability.
______________________________________________________________________

References:

______________________________________________________________________

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:
  rpm --checksig package.rpm
You can get the GPG public key of the Mandrake Linux Security Team at
  http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS
If you use MandrakeUpdate, the verification of md5 checksum and GPG
signature is performed automatically for you.

Linux-Mandrake 7.1:
ff5474afdc3969147bb460561327c6d0  7.1/RPMS/fetchmail-5.3.8-4.2mdk.i586.rpm
32f4be82c09adfbe0c61ce748982c4f8  7.1/RPMS/fetchmailconf-5.3.8-4.2mdk.i586.rpm
12d83eef760314bd3ecfacf9910e0119  7.1/SRPMS/fetchmail-5.3.8-4.2mdk.src.rpm

Linux-Mandrake 7.2:
30968c4a530d86aef6eb8a035e1fb0f4  7.2/RPMS/fetchmail-5.5.2-5.2mdk.i586.rpm
691a814f4bf4d42c9a9175a393be1861  7.2/RPMS/fetchmail-daemon-5.5.2-5.2mdk.i586.rpm
a757421dc5d03124a64c360631d6bdd9  7.2/RPMS/fetchmailconf-5.5.2-5.2mdk.i586.rpm
654e13cf2049db36d4f7ddc9ed8a7e01  7.2/SRPMS/fetchmail-5.5.2-5.2mdk.src.rpm

Mandrake Linux 8.0:
d3d60c3ff5b5a07869a10b3f9519a592  8.0/RPMS/fetchmail-5.7.4-5.2mdk.i586.rpm
c7eb824dd7f7b4cd5144bf9d13608388  8.0/RPMS/fetchmail-daemon-5.7.4-5.2mdk.i586.rpm
dd686925435feb7777ff93e19e136897  8.0/RPMS/fetchmailconf-5.7.4-5.2mdk.i586.rpm
9bfd4b3ee6f4f4dab297d735eb5c81c4  8.0/SRPMS/fetchmail-5.7.4-5.2mdk.src.rpm

Mandrake Linux 8.0 (PPC):
e04c544cfd8eb8f4d76bde638a462b0e  ppc/8.0/RPMS/fetchmail-5.7.4-5.2mdk.ppc.rpm
25af9f4b03072a6a55927da8469c1b12  ppc/8.0/RPMS/fetchmail-daemon-5.7.4-5.2mdk.ppc.rpm
49712c3b104eeace680f92cd61de933c  ppc/8.0/RPMS/fetchmailconf-5.7.4-5.2mdk.ppc.rpm
4302ccfec542787c01bea6518df42920  ppc/8.0/SRPMS/fetchmail-5.7.4-5.2mdk.src.rpm

Corporate Server 1.0.1:
ff5474afdc3969147bb460561327c6d0  1.0.1/RPMS/fetchmail-5.3.8-4.2mdk.i586.rpm
32f4be82c09adfbe0c61ce748982c4f8  1.0.1/RPMS/fetchmailconf-5.3.8-4.2mdk.i586.rpm
12d83eef760314bd3ecfacf9910e0119  1.0.1/SRPMS/fetchmail-5.3.8-4.2mdk.src.rpm
______________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

______________________________________________________________________

To upgrade automatically, use MandrakeUpdate.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".

You can download the updates directly from one of the mirror sites
listed at:

  http://www.linux-mandrake.com/en/ftp.php3.

Updated packages are available in the "updates/[ver]/RPMS/" directory.
For example, if you are looking for an updated RPM package for
Mandrake Linux 8.0, look for it in "updates/8.0/RPMS/".  Updated source
RPMs are available as well, but you generally do not need to download
them.

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other security advisories for Mandrake Linux at:

  http://www.linux-mandrake.com/en/security/

If you want to report vulnerabilities, please contact

  security@linux-mandrake.com
______________________________________________________________________

Mandrake Linux has two security-related mailing list services that
anyone can subscribe to:

security-announce@linux-mandrake.com

  Mandrake Linux's security announcements mailing list.  Only
  announcements are sent to this list and it is read-only.

security-discuss@linux-mandrake.com

  Mandrake Linux's security discussion mailing list.  This list is open
  to anyone to discuss Mandrake Linux security specifically and Linux
  security in general.

To subscribe to either list, send a message to
  sympa@linux-mandrake.com
with "subscribe [listname]" in the body of the message.

To remove yourself from either list, send a message to
  sympa@linux-mandrake.com
with "unsubscribe [listname]" in the body of the message.

To get more information on either list, send a message to
  sympa@linux-mandrake.com
with "info [listname]" in the body of the message.

Optionally, you can use the web interface to subscribe to or unsubscribe
from either list:

  http://www.linux-mandrake.com/en/flists.php3#security
______________________________________________________________________

Date: Fri, 31 Aug 2001 15:06:39 -0600
From: Linux Mandrake Security Team <security@linux-mandrake.com>
Subject: MDKSA-2001:076 - xinetd update


______________________________________________________________________

                Mandrake Linux Security Update Advisory
______________________________________________________________________

Package name:           xinetd
Date:                   August 31st, 2001
Advisory ID:            MDKSA-2001:076

Affected versions:      7.2, 8.0, Single Network Firewall 7.2
______________________________________________________________________

Problem Description:

 An audit has been performed on the xinetd 2.3.0 source code by Solar
 Designer for many different possible vulnerabilities.  The 2.3.1
 release incorporated his patches into the xinetd source tree.  The 
 audit was very thorough and found and fixed many problems.  This xinetd
 update includes his audit patch.
______________________________________________________________________

References:

  http://www.xinetd.org/#changes
______________________________________________________________________

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:
  rpm --checksig package.rpm
You can get the GPG public key of the Mandrake Linux Security Team at
  http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS
If you use MandrakeUpdate, the verification of md5 checksum and GPG
signature is performed automatically for you.

Linux-Mandrake 7.2:
a2173e85bed3b3173e040b242864dcc0  7.2/RPMS/xinetd-2.3.0-5.2mdk.i586.rpm
5b8663eeeefae36206b0003d61b67206  7.2/SRPMS/xinetd-2.3.0-5.2mdk.src.rpm

Mandrake Linux 8.0:
2f559b028fe14780460c37de5a521bce  8.0/RPMS/xinetd-2.3.0-5.1mdk.i586.rpm
81766c2104aa7e1f197dac9dce1c09af  8.0/RPMS/xinetd-ipv6-2.3.0-5.1mdk.i586.rpm
3f18d89cce258d2a71cc57c84068c8ce  8.0/SRPMS/xinetd-2.3.0-5.1mdk.src.rpm

Mandrake Linux 8.0 (PPC):
3826a60dc427f880056622df0ef086db  ppc/8.0/RPMS/xinetd-2.3.0-5.1mdk.ppc.rpm
223c5c1566adacb46d95de1a24842c19  ppc/8.0/RPMS/xinetd-ipv6-2.3.0-5.1mdk.ppc.rpm
3e1b86780d9f59088754cbca5ff55a08  ppc/8.0/SRPMS/xinetd-2.3.0-5.1mdk.src.rpm

Single Network Firewall 7.2:
a2173e85bed3b3173e040b242864dcc0  snf7.2/RPMS/xinetd-2.3.0-5.2mdk.i586.rpm
5b8663eeeefae36206b0003d61b67206  snf7.2/SRPMS/xinetd-2.3.0-5.2mdk.src.rpm
______________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

______________________________________________________________________

To upgrade automatically, use MandrakeUpdate.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".

You can download the updates directly from one of the mirror sites
listed at:

  http://www.linux-mandrake.com/en/ftp.php3.

Updated packages are available in the "updates/[ver]/RPMS/" directory.
For example, if you are looking for an updated RPM package for
Mandrake Linux 8.0, look for it in "updates/8.0/RPMS/".  Updated source
RPMs are available as well, but you generally do not need to download
them.

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other security advisories for Mandrake Linux at:

  http://www.linux-mandrake.com/en/security/

If you want to report vulnerabilities, please contact

  security@linux-mandrake.com
______________________________________________________________________

Mandrake Linux has two security-related mailing list services that
anyone can subscribe to:

security-announce@linux-mandrake.com

  Mandrake Linux's security announcements mailing list.  Only
  announcements are sent to this list and it is read-only.

security-discuss@linux-mandrake.com

  Mandrake Linux's security discussion mailing list.  This list is open
  to anyone to discuss Mandrake Linux security specifically and Linux
  security in general.

To subscribe to either list, send a message to
  sympa@liMessage-ID: <20010831150638.F19560@mandrakesoft.com>
Mail-Followup-To: Linux Mandrake Security Announcements ,
        Linux Mandrake Security ,
        Bugtraq ,
        Linux Security List 
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
User-Agent: Mutt/1.3.15i
X-Mailer: Linux
X-loop: marty@linuxtoday.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1nux-mandrake.com
with "subscribe [listname]" in the body of the message.

To remove yourself from either list, send a message to
  sympa@linux-mandrake.com
with "unsubscribe [listname]" in the body of the message.

To get more information on either list, send a message to
  sympa@linux-mandrake.com
with "info [listname]" in the body of the message.

Optionally, you can use the web interface to subscribe to or unsubscribe
from either list:

  http://www.linux-mandrake.com/en/flists.php3#security




Date: Fri, 31 Aug 2001 15:04:47 -0600
From: Linux Mandrake Security Team 
Subject: MDKSA-2001:073 - xli update


______________________________________________________________________

                Mandrake Linux Security Update Advisory
______________________________________________________________________

Package name:           xli
Date:                   August 31st, 2001
Advisory ID:            MDKSA-2001:073

Affected versions:      7.1, 7.2, 8.0, Corporate Server 1.0.1
______________________________________________________________________

Problem Description:

 A buffer overflow exists in xli due to missing boundary checks.  This
 could be triggered by an external attacker to execute commands on the
 victim's machine.  An exploit is publically available.  xli is an image
 viewer that is used by Netscape's plugger to display TIFF, PNG, and
 Sun-Raster images.
______________________________________________________________________

References:

______________________________________________________________________

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:
  rpm --checksig package.rpm
You can get the GPG public key of the Mandrake Linux Security Team at
  http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS
If you use MandrakeUpdate, the verification of md5 checksum and GPG
signature is performed automatically for you.

Linux-Mandrake 7.1:
994bc689c7ab60fac976816abfa71a8e  7.1/RPMS/xli-1.16-4.1mdk.i586.rpm
32eebf37c2562a088409a31b363555c4  7.1/SRPMS/xli-1.16-4.1mdk.src.rpm

Linux-Mandrake 7.2:
2a4a20ba543f917b41ec8b92bda3107a  7.2/RPMS/xli-1.16-7.1mdk.i586.rpm
3cf0768d88055b81011b9d56224f3858  7.2/SRPMS/xli-1.16-7.1mdk.src.rpm

Mandrake Linux 8.0:
f1eff4c239eaebb0ff41f169de8ccd3e  8.0/RPMS/xli-1.17.0-1.1mdk.i586.rpm
b3aa5d5d8598e02c8bff9132dd312e06  8.0/SRPMS/xli-1.17.0-1.1mdk.src.rpm

Mandrake Linux 8.0 (PPC):
ae86f1d74de0a0b6fa15b699530a1c6d  ppc/8.0/RPMS/xli-1.17.0-1.1mdk.ppc.rpm
4608ff87dc4de7b0686ceb3a0a67b8dc  ppc/8.0/SRPMS/xli-1.17.0-1.1mdk.src.rpm

Corporate Server 1.0.1:
994bc689c7ab60fac976816abfa71a8e  1.0.1/RPMS/xli-1.16-4.1mdk.i586.rpm
32eebf37c2562a088409a31b363555c4  1.0.1/SRPMS/xli-1.16-4.1mdk.src.rpm
______________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

______________________________________________________________________

To upgrade automatically, use MandrakeUpdate.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".

You can download the updates directly from one of the mirror sites
listed at:

  http://www.linux-mandrake.com/en/ftp.php3.

Updated packages are available in the "updates/[ver]/RPMS/" directory.
For example, if you are looking for an updated RPM package for
Mandrake Linux 8.0, look for it in "updates/8.0/RPMS/".  Updated source
RPMs are available as well, but you generally do not need to download
them.

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other security advisories for Mandrake Linux at:

  http://www.linux-mandrake.com/en/security/

If you want to report vulnerabilities, please contact

  security@linux-mandrake.com
______________________________________________________________________

Mandrake Linux has two security-related mailing list services that
anyone can subscribe to:

security-announce@linux-mandrake.com

  Mandrake Linux's security announcements mailing list.  Only
  announcements are sent to this list and it is read-only.

security-discuss@linux-mandrake.com

  Mandrake Linux's security discussion mailing list.  This list is open
  to anyone to discuss Mandrake Linux security specifically and Linux
  security in general.

To subscribe to either list, send a message to
  sympa@linux-mandrake.com
with "subscribe [listname]" in the body of the message.

To remove yourself from either list, send a message to
  sympa@linux-mandrake.com
with "unsubscribe [listname]" in the body of the message.

To get more information on either list, send a message to
  sympa@linux-mandrake.com
with "info [listname]" in the body of the message.

Optionally, you can use the web interface to subscribe to or unsubscribe
from either list:

  http://www.linux-mandrake.com/en/flists.php3#security
______________________________________________________________________



From: Linux Mandrake Security Team <security@linux-mandrake.com>
Subject: MDKSA-2001:074 - WindowMaker update


______________________________________________________________________

                Mandrake Linux Security Update Advisory
______________________________________________________________________

Package name:           WindowMaker
Date:                   August 31st, 2001
Advisory ID:            MDKSA-2001:074

Affected versions:      7.1, 7.2, 8.0, Corporate Server 1.0.1
______________________________________________________________________

Problem Description:

 A buffer overflow exists in the WindowMaker window manager's window
 title handling code, as discovered by Alban Hertroys.  Many programs,
 such as web browsers, set the window title to something obtained from
 the network, such as the title of the currently-viewed web page.  As
 such, this buffer overflow could be exploited remotely.  WindowMaker
 versions above and including 0.65.1 are fixed upstream; these packages
 have been patched to correct the problem.
______________________________________________________________________

References:

  http://www.windowmaker.org/src/ChangeLog
______________________________________________________________________

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:
  rpm --checksig package.rpm
You can get the GPG public key of the Mandrake Linux Security Team at
  http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS
If you use MandrakeUpdate, the verification of md5 checksum and GPG
signature is performed automatically for you.

Linux-Mandrake 7.1:
48c5d3cfa2f9071830344918c429b76f  7.1/RPMS/WindowMaker-0.62.1-13.1mdk.i586.rpm
af2162d3ce9a508ea373d36eb7637f8f  7.1/RPMS/WindowMaker-devel-0.62.1-13.1mdk.i586.rpm
d80f24e05c3ce958b68632b26ca07c47  7.1/SRPMS/WindowMaker-0.62.1-13.1mdk.src.rpm

Linux-Mandrake 7.2:
8f048b675c7220d622e83afca5676b00  7.2/RPMS/WindowMaker-0.62.1-18.1mdk.i586.rpm
c3dc24f5d24e8df7e820a39a767676c7  7.2/RPMS/WindowMaker-devel-0.62.1-18.1mdk.i586.rpm
e0e95d2ce199d33da6614ca9b99747fc  7.2/SRPMS/WindowMaker-0.62.1-18.1mdk.src.rpm

Mandrake Linux 8.0:
10d20d21c895a09172fa0f32f6b7363b  8.0/RPMS/WindowMaker-0.64.0-8.1mdk.i586.rpm
da9ffdad57c2dd4362e383a79ebf5951  8.0/RPMS/WindowMaker-devel-0.64.0-8.1mdk.i586.rpm
644f90bf9a1fa1efb9a34599b761a449  8.0/RPMS/libwraster2-0.64.0-8.1mdk.i586.rpm
9ec21851b8e98f4a4a633addac5b81ba  8.0/RPMS/libwraster2-devel-0.64.0-8.1mdk.i586.rpm
94e59837aa43db7e221083169e07ca67  8.0/SRPMS/WindowMaker-0.64.0-8.1mdk.src.rpm

Mandrake Linux 8.0 (PPC):
3da4b475a9a67307b9f9afcdccf3cf14  ppc/8.0/RPMS/WindowMaker-0.64.0-8.1mdk.ppc.rpm
f7319c563da54ae7e0ab360af4e90f92  ppc/8.0/RPMS/WindowMaker-devel-0.64.0-8.1mdk.ppc.rpm
3dfca8bb681c1b2f82ad16a601df8688  ppc/8.0/RPMS/libwraster2-0.64.0-8.1mdk.ppc.rpm
03e3a82570ca4a63639732807de97014  ppc/8.0/RPMS/libwraster2-devel-0.64.0-8.1mdk.ppc.rpm
48424cbef2369db5b64be0607ff51db6  ppc/8.0/SRPMS/WindowMaker-0.64.0-8.1mdk.src.rpm

Corporate Server 1.0.1:
48c5d3cfa2f9071830344918c429b76f  1.0.1/RPMS/WindowMaker-0.62.1-13.1mdk.i586.rpm
af2162d3ce9a508ea373d36eb7637f8f  1.0.1/RPMS/WindowMaker-devel-0.62.1-13.1mdk.i586.rpm
d80f24e05c3ce958b68632b26ca07c47  1.0.1/SRPMS/WindowMaker-0.62.1-13.1mdk.src.rpm
______________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

______________________________________________________________________

To upgrade automatically, use MandrakeUpdate.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".

You can download the updates directly from one of the mirror sites
listed at:

  http://www.linux-mandrake.com/en/ftp.php3.

Updated packages are available in the "updates/[ver]/RPMS/" directory.
For example, if you are looking for an updated RPM package for
Mandrake Linux 8.0, look for it in "updates/8.0/RPMS/".  Updated source
RPMs are available as well, but you generally do not need to download
them.

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other security advisories for Mandrake Linux at:

  http://www.linux-mandrake.com/en/security/

If you want to report vulnerabilities, please contact

  security@linux-mandrake.com
______________________________________________________________________

Mandrake Linux has two security-related mailing list services that
anyone can subscribe to:

security-announce@linux-mandrake.com

  Mandrake Linux's security announcements mailing list.  Only
  announcements are sent to this list and it is read-only.

security-discuss@linux-mandrake.com

  Mandrake Linux's security discussion mailing list.  This list is open
  to anyone to discuss Mandrake Linux security specifically and Linux
  security in general.

To subscribe to either list, send a message to
  sympa@linux-mandrake.com
with "subscribe [listname]" in the body of the message.

To remove yourself from either list, send a message to
  sympa@linux-mandrake.com
with "unsubscribe [listname]" in the body of the message.

To get more information on either list, send a message to
  sympa@linux-mandrake.com
with "info [listname]" in the body of the message.

Optionally, you can use the web interface to subscribe to or unsubscribe
from either list:

  http://www.linux-mandrake.com/en/flists.php3#security





Date: Fri, 31 Aug 2001 15:06:01 -0600
From: Linux Mandrake Security Team 
Subject: MDKSA-2001:075 - sendmail update

______________________________________________________________________

                Mandrake Linux Security Update Advisory
______________________________________________________________________

Package name:           sendmail
Date:                   August 31st, 2001
Advisory ID:            MDKSA-2001:075

Affected versions:      7.2, 8.0
______________________________________________________________________

Problem Description:

 An input validation error exists in sendmail that may allow local users
 to write arbitrary data to process memory.  This could possibly allow
 the execute of code or commands with elevated privileges and may also
 allow a local attacker to gain access to the root account.
______________________________________________________________________

References:

  http://www.securityfocus.com/bid/3163
______________________________________________________________________

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package.  You can do this with the command:
  rpm --checksig package.rpm
You can get the GPG public key of the Mandrake Linux Security Team at
  http://www.linux-mandrake.com/en/security/RPM-GPG-KEYS
If you use MandrakeUpdate, the verification of md5 checksum and GPG
signature is performed automatically for you.

Linux-Mandrake 7.2:
2c2ebc4afbe6efc4096d3794ae96ba63  7.2/RPMS/sendmail-8.11.0-3.1mdk.i586.rpm
ce746300c402f37cf0d03271a7e55a41  7.2/RPMS/sendmail-cf-8.11.0-3.1mdk.i586.rpm
2137a5294aa63f20e9ff03e97c84bd01  7.2/RPMS/sendmail-doc-8.11.0-3.1mdk.i586.rpm
e63563290213bdfc2e1396ba6fb52aec  7.2/SRPMS/sendmail-8.11.0-3.1mdk.src.rpm

Mandrake Linux 8.0:
9ff57477c98a364588fa7a5ed95750b5  8.0/RPMS/sendmail-8.11.6-1.1mdk.i586.rpm
7c53b2aa7fc6105892ddededf4e31898  8.0/RPMS/sendmail-cf-8.11.6-1.1mdk.i586.rpm
e3d814078cacf5e2cc2c40c2b104100e  8.0/RPMS/sendmail-doc-8.11.6-1.1mdk.i586.rpm
68c2ea65734dd84c67cb3941213e6fb4  8.0/SRPMS/sendmail-8.11.6-1.1mdk.src.rpm

Mandrake Linux 8.0 (PPC):
5eba1e225c9a3e88cca42f1b9488cfbe  ppc/8.0/RPMS/sendmail-8.11.6-1.1mdk.ppc.rpm
c05cb59430bff005ecdbfdf944fa8a38  ppc/8.0/RPMS/sendmail-cf-8.11.6-1.1mdk.ppc.rpm
c81fd2d494ef6f9c0f957ae186b08f7e  ppc/8.0/RPMS/sendmail-doc-8.11.6-1.1mdk.ppc.rpm
c10d3fae9f2d3b2ee0cf579baf22d89e  ppc/8.0/SRPMS/sendmail-8.11.6-1.1mdk.src.rpm
______________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

______________________________________________________________________

To upgrade automatically, use MandrakeUpdate.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".

You can download the updates directly from one of the mirror sites
listed at:

  http://www.linux-mandrake.com/en/ftp.php3.

Updated packages are available in the "updates/[ver]/RPMS/" directory.
For example, if you are looking for an updated RPM package for
Mandrake Linux 8.0, look for it in "updates/8.0/RPMS/".  Updated source
RPMs are available as well, but you generally do not need to download
them.

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other security advisories for Mandrake Linux at:

  http://www.linux-mandrake.com/en/security/

If you want to report vulnerabilities, please contact

  security@linux-mandrake.com
______________________________________________________________________

Mandrake Linux has two security-related mailing list services that
anyone can subscribe to:

security-announce@linux-mandrake.com

  Mandrake Linux's security announcements mailing list.  Only
  announcements are sent to this list and it is read-only.

security-discuss@linux-mandrake.com

  Mandrake Linux's security discussion mailing list.  This list is open
  to anyone to discuss Mandrake Linux security specifically and Linux
  security in general.

To subscribe to either list, send a message to
  sympa@linux-mandrake.com
with "subscribe [listname]" in the body of the message.

To remove yourself from either list, send a message to
  sympa@linux-mandrake.com
with "unsubscribe [listname]" in the body of the message.

To get more information on either list, send a message to
  sympa@linux-mandrake.com
with "info [listname]" in the body of the message.

Optionally, you can use the web interface to subscribe to or unsubscribe
from either list:

  http://www.linux-mandrake.com/en/flists.php3#security