Linux Today: Linux News On Internet Time.

TurboLinux: Retraction of Impact Statement in Sendmail Security Advisory

May 13, 2001, 15:00 (0 Talkback[s])
From:   TurboLinux Security Team <security@www1.turbolinux.com>
Subject:        [TL-Security-Announce] Retraction of Impact Statement in Sendmail Security Advisory: TLSA2001003-1
Date:   11 May 2001 19:01:52 -0700
We would like to make a correction in regard to a statement
made in the security advisory that was posted on February 22 for the
package "sendmail-8.11.2-5".  In the advisory, it is stated
that "A user can gain root access privileges."  This is NOT the

The -bt index bug is NOT exploitable, and therefore, has no security
impact.  Special thanks to Kris Kenneway for pointing this out.  For more
information on this issue, please review the following URL:


The package sendmail-8.11.2-5 will remain available on our ftp site as it
does contain the fixes to prevent the -bt index bug.

Turbolinux is committed to developing quality products with a strong
emphasis on security.

Thank you.