[FLSA-2006:195418] Updated sendmail packages fix security issue

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated sendmail packages fix security issue
Advisory ID:       FLSA:195418
Issue date:        2006-10-29
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix, Security
CVE Names:         CVE-2006-1173
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated sendmail packages that fix a security issue are now available.

The sendmail package provides a widely used Mail Transport Agent (MTA).

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64

3. Problem description:

A flaw in the handling of multi-part MIME messages was discovered in
Sendmail.  A remote attacker could create a carefully crafted message
that could crash the sendmail process during delivery (CVE-2006-1173).

Users of Sendmail are advised to upgrade to these erratum packages,
which contain a backported patch from the Sendmail team to correct this
issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To apply the update, run:

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum, issue:

    yum update

or to use apt:

    apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195418

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/sendmail-8.12.11-4.22.11.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-8.12.11-4.22.11.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-cf-8.12.11-4.22.11.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-devel-8.12.11-4.22.11.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-doc-8.12.11-4.22.11.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/sendmail-8.12.11-4.24.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-8.12.11-4.24.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-cf-8.12.11-4.24.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-devel-8.12.11-4.24.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-doc-8.12.11-4.24.4.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/sendmail-8.12.11-4.25.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/sendmail-8.12.11-4.25.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/sendmail-cf-8.12.11-4.25.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/sendmail-devel-8.12.11-4.25.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/sendmail-doc-8.12.11-4.25.4.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/sendmail-8.12.11-4.26.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-8.12.11-4.26.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-cf-8.12.11-4.26.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-devel-8.12.11-4.26.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-doc-8.12.11-4.26.1.legacy.i386.rpm

Fedora Core 3:

SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/sendmail-8.13.1-4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-8.13.1-4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-cf-8.13.1-4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-devel-8.13.1-4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-doc-8.13.1-4.legacy.i386.rpm

x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/sendmail-8.13.1-4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/sendmail-cf-8.13.1-4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/sendmail-devel-8.13.1-4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/sendmail-doc-8.13.1-4.legacy.x86_64.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>
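
Added example, not part of the advisory: checksum listings in the `<sha1>  <repository path>` form give paths relative to the mirror, so `sha1sum -c` will not find files that sit in a local download directory. The hypothetical helper `verify_against_listing` below matches entries by file name instead; the demo file names and contents are constructed, and `rpm --checksig` remains the signature check.

```shell
#!/bin/sh
# verify_against_listing LISTING DIR   (hypothetical helper, not a Fedora Legacy tool)
# LISTING holds "<40-hex sha1>  <repo-relative path>" lines; headers, rules and
# release labels such as "rh73:" are ignored. Returns 0 only if at least one
# file was checked and none mismatched.
verify_against_listing() {
    listing=$1; dir=$2; bad=0; checked=0
    while read -r want relpath rest || [ -n "$want" ]; do
        # Accept only well-formed entries: 40 lowercase hex digits plus one path.
        case $want in *[!0-9a-f]*|'') continue ;; esac
        [ "${#want}" -eq 40 ] && [ -n "$relpath" ] && [ -z "$rest" ] || continue
        name=${relpath##*/}                 # compare by file name, not mirror path
        if [ ! -f "$dir/$name" ]; then
            echo "SKIP      $name (not downloaded)"
            continue
        fi
        got=$(sha1sum < "$dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"
            bad=$((bad + 1))
        fi
    done < "$listing"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed demo: two stand-in "packages", one altered after the listing was made.
demo() {
    tmp=$(mktemp -d) || return 2
    printf 'package A\n' > "$tmp/sendmail-demo.rpm"
    printf 'package B\n' > "$tmp/sendmail-cf-demo.rpm"
    {
        echo "SHA1 sum                                  Package Name"
        echo "demo:"
        for f in sendmail-demo.rpm sendmail-cf-demo.rpm; do
            echo "$(sha1sum < "$tmp/$f" | cut -d' ' -f1)  demo/updates/i386/$f"
        done
    } > "$tmp/listing.txt"
    printf 'altered\n' >> "$tmp/sendmail-cf-demo.rpm"   # simulate a damaged download
    verify_against_listing "$tmp/listing.txt" "$tmp"; rc=$?
    rm -rf "$tmp"
    return $rc
}
# Usage: verify_against_listing advisory.txt /path/to/downloads
```

A non-zero exit status means a listed file mismatched or nothing could be checked, so the `rpm -Fvh` step should not follow.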

8. References:

http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
http://www.kb.cert.org/vuls/id/146718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
http://rhn.redhat.com/errata/RHSA-2006-0515.html

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------

Attachment: signature.asc
Description: OpenPGP digital signature

--
Fedora-legacy-announce mailing list
Fedora-legacy-announce@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-announce
