Age | Commit message (Collapse) | Author |
|
|
|
A potential security problem has been uncovered in 8.12.0 which might
be exploited locally by malicious users to gain access to the client
mail queue. However, as long as the MTA accepts local connections,
the possible consequences of this potential local exploit are small.
Notice: some operating systems don't provide a way to completely drop
privileges from a set-group-ID program. In that case sendmail refuses
to run if unsafe options are given.
|
|
|
|
|
|
8.11.4 revamps signal handling within the MTA in order to reduce
the likelihood of a race condition that can lead to heap
corruption as described in Michal Zalewski's advisory. The
problems discussed in the advisory are not currently known to
be exploitable but we recommend upgrading to 8.11.4 in case a
method is found to exploit the signal handling race condition.
8.11.4 also fixes other bugs found since the release of 8.11.3.
See the RELEASE_NOTES file for more details.
|
|
contains bug fixes for problems found after 8.11.2 was released.
Systems which use buffered file I/O (like OpenBSD) were not properly
fsync()'ing the data (df) file. Although there is little chance
of data loss, this is an important fix.
|
|
|
|
I've lost the reference.
|
|
|
|
praliases should be in section 1, not 8
Use arc4random(3) instead of random(3)
Add some sample OpenBSD .mc files
|
|
|