Patch-ID# 103594-09 Keywords: security sendmail V8 core HP openmail mail BIND 4.9.3 libresolv.so.2 Synopsis: SunOS 5.5.1: /usr/lib/sendmail fixes Date: Apr/02/97 Solaris Release: 2.5.1 SunOS Release: 5.5.1 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 103595 Xref: This patch available for PPC as patch 103596 Topic: SunOS 5.5.1: /usr/lib/sendmail fixes BugId's fixed with this patch: 1241841 1244027 1245185 1249090 1249900 1252530 1253584 1265017 1267313 4011634 4017798 4018487 4018511 4030794 Changes incorporated in this version: 4017798 4018511 4030794 Relevant Architectures: sparc Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: 103663-01 (or higher revs) Obsoleted by: Files included with this patch: /usr/bin/mailcompat /usr/lib/sendmail Problem Description: 4018511 Security bug: Sendmail Group Permissions Vulnerability 4030794 sendmail gets From: field wrong 4017798 Sendmail in bs mode ignores the Orident option (from 103594-08) 4018487 Security Bug: Sendmail Treats The w Option As Safe (from 103594-07) 4011634 a user can redirect messages to unqualified domain names 1267313 sendmail security bug - Sendmail CERT advisory 96.20 (from 103594-06) 1265017 V8 sendmail patch breaks F=U (UNIX-Style From line) flag 1245185 alias indirect self reference is broken in sendmail v8 (from 103594-05) 1244027 NIS mail.aliases DBM map built from v8 sendmail breaks v5 sendmail clients 1252530 make aliases fail (from 103594-04) 1249900 Transient parse error when using NIS+ prevents sendmail outside the domain (from 103594-03) 1253584 Sendmail source update and rebuild for BIND 4.9.3 (from 103594-02) 1249090 sendmail V8 coredumps while deivering from mail queue to HP openmail (from 103594-01) 1241841 Sendmail V8 coredumps when using HP openmail, or Novell Groupwise SMTP Gateway Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- This patch requires the sparc libresolv.so.2/BIND 4.9.3 patch, 103663-01, or higher, to be installed on the target system. It is also recommended to install the following patches: 103680-01 or higher nscd/nscd_nischeck rebuild for BIND 4.9.3 103683-01 or higher nss_dns.so.1 rebuild for BIND 4.9.3 103686-01 or higher rpc.nisd_resolv rebuild for BIND 4.9.3