Educause Security Discussion mailing list archives

OpenSSH and Sendmail Holes


From: stanislav shalunov <shalunov () INTERNET2 EDU>
Date: Wed, 17 Sep 2003 15:44:52 -0400

These three problems were not mentioned here; they came out in the last
two days and are important: remote root compromises of widespread and
important daemons (electronic mail and secure shell) are possible.

Yesterday, a buffer management problem was found in OpenSSH.
OpenSSH 3.7 was released to fix the hole.  It didn't get everything.
More related problems were found today, and OpenSSH 3.7.1 was
released.  Source patches at http://www.openssh.com/txt/buffer.adv

Today, a new vulnerability in sendmail address parsing code was
disclosed.  It affects all versions up to 8.12.9.  Sendmail 8.12.10
fixes this problem.  http://www.sendmail.org/8.12.10.html

--
Stanislav Shalunov              http://www.internet2.edu/~shalunov/

"The power of accurate observation is commonly called cynicism by
those who have not got it."                     -- G. B. Shaw
