Patch-ID# 113575-05 Keywords: security sendmail dns .forward vacation.c e-mail parsing Synopsis: SunOS 5.9: sendmail Patch Date: Sep/29/2003 Install Requirements: See Special Install Instructions Solaris Release: 9 SunOS Release: 5.9 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 114137 Topic: SunOS 5.9: sendmail Patch Relevant Architectures: sparc BugId's fixed with this patch: 4678365 4697068 4704672 4704675 4706596 4706608 4706632 4706660 4720281 4725387 4728227 4737586 4756570 4798135 4808977 4809539 4826809 4835344 4839833 4924036 Changes incorporated in this version: 4924036 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /etc/mail/helpfile /etc/mail/main.cf /etc/mail/sendmail.cf /etc/mail/sendmail.hf /etc/mail/submit.cf /etc/mail/subsidiary.cf /usr/bin/mailcompat /usr/bin/mailstats /usr/bin/praliases /usr/bin/vacation /usr/lib/mail.local /usr/lib/mail/README /usr/lib/mail/cf/main.cf /usr/lib/mail/cf/submit.cf /usr/lib/mail/cf/submit.mc /usr/lib/mail/cf/subsidiary.cf /usr/lib/mail/feature/access_db.m4 /usr/lib/mail/feature/compat_check.m4 /usr/lib/mail/feature/dnsbl.m4 /usr/lib/mail/feature/enhdnsbl.m4 /usr/lib/mail/feature/ldap_routing.m4 /usr/lib/mail/feature/msp.m4 /usr/lib/mail/feature/preserve_luser_host.m4 /usr/lib/mail/m4/cfhead.m4 /usr/lib/mail/m4/proto.m4 /usr/lib/mail/m4/version.m4 /usr/lib/sendmail /usr/lib/smrsh /usr/sbin/editmap /usr/sbin/makemap /usr/sbin/newaliases Problem Description: 4924036 upgrade sendmail to 8.12.10 (from 113575-04) 4839833 upgrade sendmail to 8.12.9 4835344 address parsing issue 4826809 minor follow-up fixes for sendmail 8.12.8 needed (from 113575-03) 4808977 upgrade sendmail to 8.12.8 4798135 upgrade sendmail to 8.12.7 4809539 header parsing issue (from 113575-02) 4756570 sendmail doesn't handle some .forward constructs correctly 4706608 mail.local.c uses unsafe functions(). 4706596 Unsafe string functions are used in sendmail auxiliary programs. 4706660 Result of malloc() not checked in nisedit.c and nisplus.c 4706632 vacation.c uses unsafe functions. 4697068 vacation should ignore case differences in domain part of sender addresses 4737586 upgrade sendmail to 8.12.6 4728227 sendmail "Sun hacks" code uses unsafe string function (from 113575-01) 4725387 upgrade sendmail to 8.12.5 4720281 upgrade sendmail to 8.12.4 4678365 upgrade sendmail to 8.12.3 4704675 Potential race condition in bf.c 4704672 sendmail could corrupt memory if it gets a bad DNS reply Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- Note: It is necessary to restart sendmail after the patch installation in order to be running with the latest version of sendmail included in this patch. Execute the following commands as root. # /etc/init.d/sendmail stop # /etc/init.d/sendmail start If you have not modified the /etc/mail/sendmail.cf and /etc/mail/submit.cf files then the patch installation will overwrite these files with the new versions. If you no longer wish to use the default configuration then refer to the /usr/lib/mail/README file on how to customize these files. Review the contents of /etc/mail to determime if any config files added by this patch need to be merged with existing config files. README -- Last modified date: Monday, September 29, 2003