Security: Denial of Service in sendmail
Name: Denial of Service in sendmail
ID: FLSA:195418
Distribution: Fedora Legacy
Platforms: Fedora Core 1, Fedora Core 2, Red Hat Linux 7.3, Red Hat Linux 9, Fedora Core 3
Date: Sun, 29 October 2006, 16:07
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
Applications: Sendmail

Original message

---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated sendmail packages fix security issue
Advisory ID: FLSA:195418
Issue date: 2006-10-29
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix, Security
CVE Names: CVE-2006-1173
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated sendmail packages that fix a security issue are now available.

The sendmail package provides a widely used Mail Transport Agent (MTA).

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64

3. Problem description:

A flaw in the handling of multi-part MIME messages was discovered in
Sendmail. A remote attacker could create a carefully crafted message
that could crash the sendmail process during delivery (CVE-2006-1173).

Users of Sendmail are advised to upgrade to these erratum packages,
which contain a backported patch from the Sendmail team to correct this
issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195418

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
sendmail-8.12.11-4.22.11.legacy.src.rpm

i386:
sendmail-8.12.11-4.22.11.legacy.i386.rpm
sendmail-cf-8.12.11-4.22.11.legacy.i386.rpm
sendmail-devel-8.12.11-4.22.11.legacy.i386.rpm
sendmail-doc-8.12.11-4.22.11.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
sendmail-8.12.11-4.24.4.legacy.src.rpm

i386:
sendmail-8.12.11-4.24.4.legacy.i386.rpm
sendmail-cf-8.12.11-4.24.4.legacy.i386.rpm
sendmail-devel-8.12.11-4.24.4.legacy.i386.rpm
sendmail-doc-8.12.11-4.24.4.legacy.i386.rpm

Fedora Core 1:

SRPM:
sendmail-8.12.11-4.25.4.legacy.src.rpm

i386:
sendmail-8.12.11-4.25.4.legacy.i386.rpm
sendmail-cf-8.12.11-4.25.4.legacy.i386.rpm
sendmail-devel-8.12.11-4.25.4.legacy.i386.rpm
sendmail-doc-8.12.11-4.25.4.legacy.i386.rpm

Fedora Core 2:

SRPM:
sendmail-8.12.11-4.26.1.legacy.src.rpm

i386:
sendmail-8.12.11-4.26.1.legacy.i386.rpm
sendmail-cf-8.12.11-4.26.1.legacy.i386.rpm
sendmail-devel-8.12.11-4.26.1.legacy.i386.rpm
sendmail-doc-8.12.11-4.26.1.legacy.i386.rpm

Fedora Core 3:

SRPM:
sendmail-8.13.1-4.legacy.src.rpm

i386:
sendmail-8.13.1-4.legacy.i386.rpm
sendmail-cf-8.13.1-4.legacy.i386.rpm
sendmail-devel-8.13.1-4.legacy.i386.rpm
sendmail-doc-8.13.1-4.legacy.i386.rpm

x86_64:
sendmail-8.13.1-4.legacy.x86_64.rpm
sendmail-cf-8.13.1-4.legacy.x86_64.rpm
sendmail-devel-8.13.1-4.legacy.x86_64.rpm
sendmail-doc-8.13.1-4.legacy.x86_64.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum <filename>
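
A batch form of the sha1sum check, as an added example that is not part of the advisory: it compares every entry of a saved checksum listing with the files in a download directory and reports missing or mismatching packages. The names `check_manifest` and `is_sha1` are hypothetical, and the listing is assumed to give each 40-hex SHA-1 followed by its package path, on the same line or wrapped onto the next.

```shell
#!/bin/sh
# Added example, not part of the advisory.
# check_manifest MANIFEST DIR
#   MANIFEST: checksum listing saved from an advisory (SHA-1, then package path)
#   DIR:      directory holding the downloaded RPMs
# Prints "OK|MISMATCH|MISSING <file>" per entry; exit status is 1 unless all are OK.

is_sha1() {
    # True only for exactly 40 hexadecimal characters.
    [ "${#1}" -eq 40 ] || return 1
    case $1 in *[!0-9a-fA-F]*) return 1 ;; esac
    return 0
}

check_manifest() {
    # tr puts each token on its own line, so the one-line and the
    # mail-wrapped layout parse the same way. The subshell carries rc out.
    tr -s '[:space:]' '\n' < "$1" | (
        dir=$2 hash='' rc=0
        while IFS= read -r word || [ -n "$word" ]; do
            if is_sha1 "$word"; then
                hash=$(printf '%s' "$word" | tr 'A-F' 'a-f')
                continue
            fi
            # Only a *.rpm token directly after a hash counts as an entry;
            # headings and separators reset the state.
            case $word in *.rpm) ;; *) hash=''; continue ;; esac
            [ -n "$hash" ] || continue
            name=${word##*/}   # listing paths are repo-relative: match by basename
            if [ ! -f "$dir/$name" ]; then
                echo "MISSING $name"; rc=1
            elif [ "$(sha1sum "$dir/$name" | cut -d' ' -f1)" = "$hash" ]; then
                echo "OK $name"
            else
                echo "MISMATCH $name"; rc=1
            fi
            hash=''
        done
        exit "$rc"
    )
}
```

A matching SHA-1 shows only that a file equals the one the listing names; `rpm --checksig -v` remains the check that ties a package to the Fedora Legacy key.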

8. References:

http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
http://www.kb.cert.org/vuls/id/146718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
http://rhn.redhat.com/errata/RHSA-2006-0515.html

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------

