Regarding the latest vulnerability discivered...
The rpm that is available for download from RH site is sendmail-8.11.6-23.72.i386.rpm and it is rather small - 304K.
According to the size I assume it a 'security fix' , not the real upgrade package. (Thogh they don't state it explicitly)
The only way I can apply it is using rpm -U option.
If anyone tried to apply this patch, can you confirm the following:
1. sendmail-8.11.6-23.72.i386.rpm available at http://rhn.redhat.com/errata/RHSA-2003-073.html is a fix and not the full upgrade package
2. It should be used with rpm -U
Sorry for asking those questions but I'm about to apply it to production box and I couldn't find instructions on teh RH site.
According to Red Hat's site, you should use -Fvh rather than -U since you are not upgrading the whole package. Using -F will force it to install only the needed/affected file to be upgraded ( and may be that's explain why it's small ).
I run RH 7.3 and use Up2date instead of patching so I'm not absolute on your way of doing it.