Operating System - HP-UX
1833034 Members
2338 Online
110049 Solutions
New Discussion

Latest Sendmail 8.11.1 v1.4?

 
SOLVED
Go to solution
Brian DelPizzo
Frequent Advisor

Latest Sendmail 8.11.1 v1.4?

I have upgraded Sendmail on my 11.11 system to 8.11.1 release 4. I have a few questions regarding security....

1) Is this the latest sendmail release?

2) Are there any patches needed to secure 8.11.1 release 4? How can I check?

3) Is there one deffinitive source for the latest Sendmail (HP depot) security information? If not, does the security newsletter cover this type of update?

Thanks,
Brian

4 REPLIES 4
Elena Leontieva
Esteemed Contributor

Re: Latest Sendmail 8.11.1 v1.4?

Brian,

1. No HPSBUX0304-253 SSRT3531 Potential Security Vulnerability in sendmail (rev.6) (29669

2. HPSBUX0302-246 SSRT3469 Potential Security Vulnerability in sendmail (rev.4) (18791)

3. Yes
Brian DelPizzo
Frequent Advisor

Re: Latest Sendmail 8.11.1 v1.4?

>Brian,

>1. No HPSBUX0304-253 SSRT3531 Potential >Security Vulnerability in sendmail (rev.6) >(29669

>2. HPSBUX0302-246 SSRT3469 Potential Security >Vulnerability in sendmail (rev.4) (18791)

>3. Yes

The HPSBUX0304-253 SSRT3531 vulnerability was fixed in 8.11.1 release 3. I haven't seen a newer version than 8.11.1 release 4 so I guess it is the newest.

HPSBUX0302-246 SSRT3469 was also fixed before 8.11.1 release 4.

As for 3 do you mean yes there is a deffinitive source or yes the newsletter covers everything?

Thanks!
Elena Leontieva
Esteemed Contributor
Solution

Re: Latest Sendmail 8.11.1 v1.4?

Brian,

I am getting Security Bulletin Digest from HP. You can subscribe to it as follows:
HP Support Information Digests

===============================================================================
o Security Bulletin Digest Split
------------------------------

The security bulletins digest has been split into multiple digests
based on the operating system (HP-UX, MPE/iX, and HP Secure OS
Software for Linux). You will continue to receive all security
bulletin digests unless you choose to update your subscriptions.

To update your subscriptions, use your browser to access the
IT Resource Center on the World Wide Web at:

http://support.itrc.hp.com/

Under the Maintenance and Support Menu, click on the "more..." link.
Then use the 'login' link at the left side of the screen to login
using your IT Resource Center User ID and Password.

Under the notifications section (near the bottom of the page), select
Support Information Digests.

To subscribe or unsubscribe to a specific security bulletin digest,
select or unselect the checkbox beside it. Then click the
"Update Subscriptions" button at the bottom of the page.

Elena.
Steven E. Protter
Exalted Contributor

Re: Latest Sendmail 8.11.1 v1.4?

Because of the importance of email and the continued flow of security problems from this program, you are going to need to stay current.

No, this is not the latest sendmail release. sendmail.org has 8.12 out but that hasn't been ported and tested on HP-UX yet.

The depot with patches noted above installed has all security enhancements short of what was implemented in 8.12

There may be certain 8.12 security code implemented by HP in the patches to deal with the obvious security problems with this program.

If you get the itrc and CERT emailings you will be aware of sendmail issues. Also, recently any flaws in sendmail have been popping up on cable news channels. The media is not just content with picking on Bill Gates any more.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com