FLSA-2006-195418.txt
Posted on 02 November 2006
Source: packetstormsecurity.org
---------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated sendmail packages fix security issue
Advisory ID: FLSA:195418
Issue date: 2006-10-29
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix, Security
CVE Names: CVE-2006-1173
---------------------------------------------------------------------
---------------------------------------------------------------------
1. Topic:
Updated sendmail packages that fix a security issue are now available.
The sendmail package provides a widely used Mail Transport Agent (MTA).
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64
3. Problem description:
A flaw in the handling of multi-part MIME messages was discovered in
Sendmail. A remote attacker could create a carefully crafted message
that could crash the sendmail process during delivery (CVE-2006-1173).
Users of Sendmail are advised to upgrade to these erratum packages,
which contain a backported patch from the Sendmail team to correct this
issue.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
    rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum, issue:
    yum update
or, to use apt:
    apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195418
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/sendmail-8.12.11-4.22.11.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-8.12.11-4.22.11.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-cf-8.12.11-4.22.11.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-devel-8.12.11-4.22.11.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-doc-8.12.11-4.22.11.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/sendmail-8.12.11-4.24.4.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-8.12.11-4.24.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-cf-8.12.11-4.24.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-devel-8.12.11-4.24.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-doc-8.12.11-4.24.4.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/sendmail-8.12.11-4.25.4.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/sendmail-8.12.11-4.25.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/sendmail-cf-8.12.11-4.25.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/sendmail-devel-8.12.11-4.25.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/sendmail-doc-8.12.11-4.25.4.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/sendmail-8.12.11-4.26.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-8.12.11-4.26.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-cf-8.12.11-4.26.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-devel-8.12.11-4.26.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-doc-8.12.11-4.26.1.legacy.i386.rpm
Fedora Core 3:
SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/sendmail-8.13.1-4.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-8.13.1-4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-cf-8.13.1-4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-devel-8.13.1-4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-doc-8.13.1-4.legacy.i386.rpm
x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/sendmail-8.13.1-4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/sendmail-cf-8.13.1-4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/sendmail-devel-8.13.1-4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/sendmail-doc-8.13.1-4.legacy.x86_64.rpm
7. Verification:
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
    rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
    sha1sum <filename>
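As an added example (not part of the original advisory), the checksum step above can be scripted so that every RPM in the download directory is compared with a published list of SHA1 sums before rpm -Fvh is run, which also covers the wildcard caveat in section 4. The function names verify_rpms and demo, the file names and the sample list are constructed for illustration; a matching digest is only as trustworthy as the copy of the list it came from, so rpm --checksig remains the authenticity check.

```shell
#!/bin/sh
# Added example (not from the advisory): verify every *.rpm in a directory
# against a "SHA1-digest path" list before running rpm -Fvh on it.
verify_rpms() {
    manifest=$1 dir=$2 bad=0 seen=0
    for file in "$dir"/*.rpm; do
        [ -f "$file" ] || continue          # glob matched nothing
        seen=$((seen + 1)); name=${file##*/}
        # Expected digest: a 40-hex-digit first field on the line whose
        # path ends in this file name. Headers and "fc3:" labels never match.
        want=$(awk -v n="$name" '
            length($1) == 40 && $1 !~ /[^0-9a-fA-F]/ {
                k = split($2, p, "/")
                if (p[k] == n) { print tolower($1); exit }
            }' "$manifest")
        got=$(sha1sum "$file" | cut -d" " -f1)
        if [ -z "$want" ]; then
            echo "UNLISTED $name"; bad=$((bad + 1))
        elif [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; bad=$((bad + 1))
        fi
    done
    # Fail when nothing was checked or anything did not match.
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed sample: two stand-in files (not real RPMs) and a list in the
# "digest path" layout; the second file is altered after the list is made.
demo() {
    d=$(mktemp -d) || return 1
    printf 'pkg-a' > "$d/sendmail-demo.i386.rpm"
    printf 'pkg-b' > "$d/sendmail-cf-demo.i386.rpm"
    {
        echo "SHA1 sum Package Name"
        echo "fc3:"
        for f in "$d"/*.rpm; do
            echo "$(sha1sum "$f" | cut -d" " -f1) fedora/3/updates/i386/${f##*/}"
        done
    } > "$d/list.txt"
    printf 'altered' > "$d/sendmail-cf-demo.i386.rpm"
    verify_rpms "$d/list.txt" "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "verification failed: do not run rpm -Fvh on this directory"
```

A file reported as UNLISTED or MISMATCH makes the function return non-zero, so it can gate the install step in a script.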
8. References:
http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
http://www.kb.cert.org/vuls/id/146718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
http://rhn.redhat.com/errata/RHSA-2006-0515.html
9. Contact:
The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org
---------------------------------------------------------------------