Re: [cobalt-security] New Sendmail vulnerability :o(

["Dave @ The Hostworks" <dave@xxxxxxxxxxxxxxxx>]

In short, Super RPMS :)
----- Original Message -----
From: "Michael Stauber" <cobalt@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Monday, March 31, 2003 3:56 PM
Subject: Re: [cobalt-security] New Sendmail vulnerability :o(


> Hi Dan,
>
> > Forgive my ignorance...  What's an SRPM file?
>
> Some popular Linux distributions use RPM files to install applications.
RPM
> stands for "RedHat Package Manager" and the Sun Cobalt RaQs use the RPM
> mechanism, too.
>
> RPMs are available in two forms: RPMs and SRPMs.
>
> The SRPM contains the sourcecode and patches and a so called "spec" file
which
> contains instructions on how to compile and how to install the files. An
SRPM
> doesn't contain any ready to run code. The prepended "S" stands for
"Source".
>
> RPMs are built from such SRPMs. The SRPM contends are compiled to match
the
> architecture of the given system. The resulting RPM files can then be
> installed on any server which has the same architecture and the same
> software. So any RPM built on a RaQ4 can be installed on any other RaQ4
> provided they don't differ that much in regards to Sun Cobalt patches or
> third party modifications.
>
> I created the unofficial Sendmail patches by downloading the SRPM files
which
> Sun Cobalt used to create the Sendmail RPMs. Most of 'em are available on
> ftp.cobalt.com and all needed to do was to inmplement the two patches
which
> the Sendmail Consortium released to counter the recent vulnerabilities.
>
> However, for the RaQ2 there is no recent enough Sendmail SRPM available,
so I
> couldn't build a patched RPM for the RaQ2.
>
> --
>
> With best regards,
>
> Michael Stauber
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>