|
|
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] sendmail (SSA:2006-081-01)
Date: Wed, 22 Mar 2006 12:16:51 -0800 (PST) |
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] sendmail (SSA:2006-081-01)
New sendmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, and -current to fix a security issue.
Sendmail's advisory concerning this issue may be found here:
http://www.sendmail.com/company/advisory/index.shtml
This issue will appear in the Common Vulnerabilities and Exposures (CVE)
database at the following location:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/sendmail-8.13.6-i486-1.tgz: Upgraded to sendmail-8.13.6.
This new version of sendmail contains a fix for a security problem
discovered by Mark Dowd of ISS X-Force. From sendmail's advisory:
Sendmail was notified by security researchers at ISS that, under some
specific timing conditions, this vulnerability may permit a specifically
crafted attack to take over the sendmail MTA process, allowing remote
attackers to execute commands and run arbitrary programs on the system
running the MTA, affecting email delivery, or tampering with other
programs and data on this system. Sendmail is not aware of any public
exploit code for this vulnerability. This connection-oriented
vulnerability does not occur in the normal course of sending and
receiving email. It is only triggered when specific conditions are
created through SMTP connection layer commands.
Sendmail's complete advisory may be found here:
http://www.sendmail.com/company/advisory/index.shtml
The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
(* Security fix *)
patches/packages/sendmail-cf-8.13.6-noarch-1.tgz:
Upgraded to sendmail-8.13.6 configuration files.
+--------------------------+
Where to find the new packages:
+-----------------------------+
Updated packages for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-8.13.6-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-cf-8.13.6-noarch-1.tgz
Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sendmail-8.13.6-i386-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sendmail-cf-8.13.6-noarch-1.tgz
Updated packages for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/sendmail-8.13.6-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/sendmail-cf-8.13.6-noarch-1.tgz
Updated packages for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/sendmail-8.13.6-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/sendmail-cf-8.13.6-noarch-1.tgz
Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/sendmail-8.13.6-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/sendmail-cf-8.13.6-noarch-1.tgz
Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/sendmail-8.13.6-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/sendmail-cf-8.13.6-noarch-1.tgz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-8.13.6-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-cf-8.13.6-noarch-1.tgz
MD5 signatures:
+-------------+
Slackware 8.1 packages:
e999863fc475210e60cf1ee0a261c252 sendmail-8.13.6-i386-1.tgz
7afa82a6bc0416a056eb2bed6eec80cc sendmail-cf-8.13.6-noarch-1.tgz
Slackware 9.0 packages:
2f3e3ab6501d7c692c0b60a24576f588 sendmail-8.13.6-i386-1.tgz
d9741b293311989533e8fe047cd0edaa sendmail-cf-8.13.6-noarch-1.tgz
Slackware 9.1 packages:
f8b27b802cc2d2971648d67b2b3bb8c1 sendmail-8.13.6-i486-1.tgz
81949d02b934c1d0faa60034a712cd2d sendmail-cf-8.13.6-noarch-1.tgz
Slackware 10.0 packages:
58cb92a015c79e0122edf86d0db65ae6 sendmail-8.13.6-i486-1.tgz
503b025e94cb495eeccf12f2531c3fc0 sendmail-cf-8.13.6-noarch-1.tgz
Slackware 10.1 packages:
840ac3cda6c6cd0a7056e356bc4f8160 sendmail-8.13.6-i486-1.tgz
5ba1def76a387c20274a3710681286f6 sendmail-cf-8.13.6-noarch-1.tgz
Slackware 10.2 packages:
68ba3f436ce577463baf0633282aaa45 sendmail-8.13.6-i486-1.tgz
789837f2b7fe8f00851b66780a38fb67 sendmail-cf-8.13.6-noarch-1.tgz
Slackware -current packages:
0e34e5def2ecf92ca4ba82f6a403c079 sendmail-8.13.6-i486-1.tgz
7321cc3bb735164777e7c5c54b23b641 sendmail-cf-8.13.6-noarch-1.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg sendmail-8.13.6-i486-1.tgz sendmail-cf-8.13.6-noarch-1.tgz
Restart sendmail:
# . /etc/rc.d/rc.sendmail restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFEIaqyakRjwEAQIjMRAvUyAJ9q0nZgvQTqj8cliC0y1+Ky2ohtbACdGQsm
xAa5ZM/IjgxEmz0rJLypInk=
=R0me
-----END PGP SIGNATURE-----
|
| |