[3782] in Release_7.7_team
Emergency 9.1.26 patch release
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sat Mar 29 16:30:47 2003
Date: Sat, 29 Mar 2003 16:30:38 -0500
Message-Id: <200303292130.QAA05267@lockpicking-tools.mit.edu>
From: Greg Hudson <ghudson@MIT.EDU>
To: release-announce@MIT.EDU
We will be putting out an emergency 9.1 patch release this evening in
order to fix a recently discovered remote hole in sendmail. There are
no other changes in the patch release. (Some of you may remember that
we did the very same thing at the beginning of this month; this is a
new security hole.)
If you are running a server or other machine which is disruptive to
update, you should are most likely okay without taking the update as
long as your machine is not running a sendmail daemon. (Most machines
don't, but look for "mail" in /var/server/.services if you have one,
check the value if SENDMAIL is true in /etc/athena/rc.conf, and check
the process table for a running "sendmail -bd" process.)
If you have a machine set AUTOUPDATE=false, you can update it manually
after the release goes out by doing a console login as root and
running "update_ws".
Please send any questions or comments to release-team@mit.edu.
