Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


TurboLinux: Retraction of Impact Statement in Sendmail Security Advisory

May 13, 2001, 15:00 (0 Talkback[s])
From:   TurboLinux Security Team <security@www1.turbolinux.com>
Subject:        [TL-Security-Announce] Retraction of Impact Statement in Sendmail Security Advisory: TLSA2001003-1
Date:   11 May 2001 19:01:52 -0700
 
We would like to make a correction in regard to a statement
made in the security advisory that was posted on February 22 for the
package "sendmail-8.11.2-5".  In the advisory, it is stated
that "A user can gain root access privileges."  This is NOT the
case.

The -bt index bug is NOT exploitable, and therefore, has no security
impact.  Special thanks to Kris Kenneway for pointing this out.  For more
information on this issue, please review the following URL:

http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Ftid%3D138299%26threads%3D1%26end%3D2000-10-14%26list%3D1%26start%3D2000-10-08%26

The package sendmail-8.11.2-5 will remain available on our ftp site as it
does contain the fixes to prevent the -bt index bug.

Turbolinux is committed to developing quality products with a strong
emphasis on security.

Thank you.