RedHat: Critical: sendmail security update

    Date22 Mar 2006
    4645
    Posted ByLinuxSecurity Advisories
    Updated sendmail packages to fix a security issue are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team.
    - ---------------------------------------------------------------------
                       Red Hat Security Advisory
    
    Synopsis:          Critical: sendmail security update
    Advisory ID:       RHSA-2006:0264-01
    Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0264.html
    Issue date:        2006-03-22
    Updated on:        2006-03-22
    Product:           Red Hat Enterprise Linux
    CVE Names:         CVE-2006-0058
    - ---------------------------------------------------------------------
    
    1. Summary:
    
    Updated sendmail packages to fix a security issue are now available for Red
    Hat Enterprise Linux 3 and 4.
    
    This update has been rated as having critical security impact by the Red
    Hat Security Response Team.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
    Red Hat Desktop version 3 - i386, x86_64
    Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
    Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
    Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
    Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
    Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
    Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
    
    3. Problem description:
    
    Sendmail is a Mail Transport Agent (MTA) used to send mail between machines.
    
    A flaw in the handling of asynchronous signals was discovered in Sendmail.
    A remote attacker may be able to exploit a race condition to execute
    arbitrary code as root.  The Common Vulnerabilities and Exposures project
    assigned the name CVE-2006-0058 to this issue.
    
    By default on Red Hat Enterprise Linux 3 and 4, Sendmail is configured to
    only accept connections from the local host.  Therefore, only users who have
    configured Sendmail to listen to remote hosts would be able to be remotely
    exploited by this vulnerability.
    
    Users of Sendmail are advised to upgrade to these erratum packages, which
    contain a backported patch from the Sendmail team to correct this issue.
    
    4. Solution:
    
    Before applying this update, make sure all previously released errata
    relevant to your system have been applied.
    
    This update is available via Red Hat Network.  To use Red Hat Network,
    launch the Red Hat Update Agent with the following command:
    
    up2date
    
    This will start an interactive process that will result in the appropriate
    RPMs being upgraded on your system.
    
    5. Bug IDs fixed (https://bugzilla.redhat.com/):
    
    184465 - CVE-2006-0058  Sendmail race condition issue
    
    
    6. RPMs required:
    
    Red Hat Enterprise Linux AS version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/sendmail-8.12.11-4.RHEL3.4.src.rpm
    7d2875e6d9a3b4ddfa54e3be67888070  sendmail-8.12.11-4.RHEL3.4.src.rpm
    
    i386:
    944e64db10b061dff22a10117c7f4a31  sendmail-8.12.11-4.RHEL3.4.i386.rpm
    c8fc53343bff73624542b4ea77c2b565  sendmail-cf-8.12.11-4.RHEL3.4.i386.rpm
    090525584bce022b9e04bafbefb9d71a  sendmail-devel-8.12.11-4.RHEL3.4.i386.rpm
    c3ea9cb0ab86047422d58447e93415fb  sendmail-doc-8.12.11-4.RHEL3.4.i386.rpm
    
    ia64:
    bc6715fefbd6bd9349b8116a13127d6b  sendmail-8.12.11-4.RHEL3.4.ia64.rpm
    beb6de13a56f2fffdfed69ae7a050137  sendmail-cf-8.12.11-4.RHEL3.4.ia64.rpm
    2ad6d475f92907b535b175a10572c897  sendmail-devel-8.12.11-4.RHEL3.4.ia64.rpm
    231ea97fa236e429ecc6f7734f950025  sendmail-doc-8.12.11-4.RHEL3.4.ia64.rpm
    
    ppc:
    e548c09d3101ee937fa900dee199c207  sendmail-8.12.11-4.RHEL3.4.ppc.rpm
    d4e14142aa623898b6a978e7658f036a  sendmail-cf-8.12.11-4.RHEL3.4.ppc.rpm
    813ba2da17685d2923796826d0720735  sendmail-devel-8.12.11-4.RHEL3.4.ppc.rpm
    2dc1c320d39a5733d7e2594a38d2c681  sendmail-doc-8.12.11-4.RHEL3.4.ppc.rpm
    
    s390:
    28995c615c097f06b93566bcf7e7e620  sendmail-8.12.11-4.RHEL3.4.s390.rpm
    f9f3328d6170be64beaa4f1f43cca5a4  sendmail-cf-8.12.11-4.RHEL3.4.s390.rpm
    6d28c9d70fb26c3ae7916f4c20937095  sendmail-devel-8.12.11-4.RHEL3.4.s390.rpm
    1f16f02650a63249180b285e98fca603  sendmail-doc-8.12.11-4.RHEL3.4.s390.rpm
    
    s390x:
    4ef7001ea500dc64f7f14d42e5ef419b  sendmail-8.12.11-4.RHEL3.4.s390x.rpm
    f6607a113c0efa597fdea8926c060436  sendmail-cf-8.12.11-4.RHEL3.4.s390x.rpm
    65122cedf0c82b7491fcaa30bf135f63  sendmail-devel-8.12.11-4.RHEL3.4.s390x.rpm
    9df7ab571f5ad111db83bf403d58ef88  sendmail-doc-8.12.11-4.RHEL3.4.s390x.rpm
    
    x86_64:
    33764d084b7cfbb9687ec3a55f6e466c  sendmail-8.12.11-4.RHEL3.4.x86_64.rpm
    ea1690edc3270c917b63c10b3c2b47a3  sendmail-cf-8.12.11-4.RHEL3.4.x86_64.rpm
    0a5290a0b2b2c96558fa120120eb316d  sendmail-devel-8.12.11-4.RHEL3.4.x86_64.rpm
    48a4b96f92aea23a54b7e2740dcc8f87  sendmail-doc-8.12.11-4.RHEL3.4.x86_64.rpm
    
    Red Hat Desktop version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/sendmail-8.12.11-4.RHEL3.4.src.rpm
    7d2875e6d9a3b4ddfa54e3be67888070  sendmail-8.12.11-4.RHEL3.4.src.rpm
    
    i386:
    944e64db10b061dff22a10117c7f4a31  sendmail-8.12.11-4.RHEL3.4.i386.rpm
    c8fc53343bff73624542b4ea77c2b565  sendmail-cf-8.12.11-4.RHEL3.4.i386.rpm
    090525584bce022b9e04bafbefb9d71a  sendmail-devel-8.12.11-4.RHEL3.4.i386.rpm
    c3ea9cb0ab86047422d58447e93415fb  sendmail-doc-8.12.11-4.RHEL3.4.i386.rpm
    
    x86_64:
    33764d084b7cfbb9687ec3a55f6e466c  sendmail-8.12.11-4.RHEL3.4.x86_64.rpm
    ea1690edc3270c917b63c10b3c2b47a3  sendmail-cf-8.12.11-4.RHEL3.4.x86_64.rpm
    0a5290a0b2b2c96558fa120120eb316d  sendmail-devel-8.12.11-4.RHEL3.4.x86_64.rpm
    48a4b96f92aea23a54b7e2740dcc8f87  sendmail-doc-8.12.11-4.RHEL3.4.x86_64.rpm
    
    Red Hat Enterprise Linux ES version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/sendmail-8.12.11-4.RHEL3.4.src.rpm
    7d2875e6d9a3b4ddfa54e3be67888070  sendmail-8.12.11-4.RHEL3.4.src.rpm
    
    i386:
    944e64db10b061dff22a10117c7f4a31  sendmail-8.12.11-4.RHEL3.4.i386.rpm
    c8fc53343bff73624542b4ea77c2b565  sendmail-cf-8.12.11-4.RHEL3.4.i386.rpm
    090525584bce022b9e04bafbefb9d71a  sendmail-devel-8.12.11-4.RHEL3.4.i386.rpm
    c3ea9cb0ab86047422d58447e93415fb  sendmail-doc-8.12.11-4.RHEL3.4.i386.rpm
    
    ia64:
    bc6715fefbd6bd9349b8116a13127d6b  sendmail-8.12.11-4.RHEL3.4.ia64.rpm
    beb6de13a56f2fffdfed69ae7a050137  sendmail-cf-8.12.11-4.RHEL3.4.ia64.rpm
    2ad6d475f92907b535b175a10572c897  sendmail-devel-8.12.11-4.RHEL3.4.ia64.rpm
    231ea97fa236e429ecc6f7734f950025  sendmail-doc-8.12.11-4.RHEL3.4.ia64.rpm
    
    x86_64:
    33764d084b7cfbb9687ec3a55f6e466c  sendmail-8.12.11-4.RHEL3.4.x86_64.rpm
    ea1690edc3270c917b63c10b3c2b47a3  sendmail-cf-8.12.11-4.RHEL3.4.x86_64.rpm
    0a5290a0b2b2c96558fa120120eb316d  sendmail-devel-8.12.11-4.RHEL3.4.x86_64.rpm
    48a4b96f92aea23a54b7e2740dcc8f87  sendmail-doc-8.12.11-4.RHEL3.4.x86_64.rpm
    
    Red Hat Enterprise Linux WS version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/sendmail-8.12.11-4.RHEL3.4.src.rpm
    7d2875e6d9a3b4ddfa54e3be67888070  sendmail-8.12.11-4.RHEL3.4.src.rpm
    
    i386:
    944e64db10b061dff22a10117c7f4a31  sendmail-8.12.11-4.RHEL3.4.i386.rpm
    c8fc53343bff73624542b4ea77c2b565  sendmail-cf-8.12.11-4.RHEL3.4.i386.rpm
    090525584bce022b9e04bafbefb9d71a  sendmail-devel-8.12.11-4.RHEL3.4.i386.rpm
    c3ea9cb0ab86047422d58447e93415fb  sendmail-doc-8.12.11-4.RHEL3.4.i386.rpm
    
    ia64:
    bc6715fefbd6bd9349b8116a13127d6b  sendmail-8.12.11-4.RHEL3.4.ia64.rpm
    beb6de13a56f2fffdfed69ae7a050137  sendmail-cf-8.12.11-4.RHEL3.4.ia64.rpm
    2ad6d475f92907b535b175a10572c897  sendmail-devel-8.12.11-4.RHEL3.4.ia64.rpm
    231ea97fa236e429ecc6f7734f950025  sendmail-doc-8.12.11-4.RHEL3.4.ia64.rpm
    
    x86_64:
    33764d084b7cfbb9687ec3a55f6e466c  sendmail-8.12.11-4.RHEL3.4.x86_64.rpm
    ea1690edc3270c917b63c10b3c2b47a3  sendmail-cf-8.12.11-4.RHEL3.4.x86_64.rpm
    0a5290a0b2b2c96558fa120120eb316d  sendmail-devel-8.12.11-4.RHEL3.4.x86_64.rpm
    48a4b96f92aea23a54b7e2740dcc8f87  sendmail-doc-8.12.11-4.RHEL3.4.x86_64.rpm
    
    Red Hat Enterprise Linux AS version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/sendmail-8.13.1-3.RHEL4.3.src.rpm
    e83dd254437bf7d4415a6be12c7a58da  sendmail-8.13.1-3.RHEL4.3.src.rpm
    
    i386:
    fba1a601a1ab106f67b22030ad090c28  sendmail-8.13.1-3.RHEL4.3.i386.rpm
    8ed398a86f127e08ee31b19f14deafc4  sendmail-cf-8.13.1-3.RHEL4.3.i386.rpm
    dade78569735970629e880969892b9f3  sendmail-devel-8.13.1-3.RHEL4.3.i386.rpm
    3e656f2c678aa19f32eaad782abada8a  sendmail-doc-8.13.1-3.RHEL4.3.i386.rpm
    
    ia64:
    7b366e3fbfab8ce2a4cabff56c5dae2b  sendmail-8.13.1-3.RHEL4.3.ia64.rpm
    4d2625fc1981329a7a348b360c9c2209  sendmail-cf-8.13.1-3.RHEL4.3.ia64.rpm
    23e84e296ce17c5a18d2dd8ed3189d7e  sendmail-devel-8.13.1-3.RHEL4.3.ia64.rpm
    5d4ca9a18cc0cd9148679fc8e4b9b339  sendmail-doc-8.13.1-3.RHEL4.3.ia64.rpm
    
    ppc:
    5d46ed345d357e23637ee93538c9bf6c  sendmail-8.13.1-3.RHEL4.3.ppc.rpm
    94419ba6a9ca2b2c5fd6c270e27a0c0a  sendmail-cf-8.13.1-3.RHEL4.3.ppc.rpm
    605283ccb19d98bc52c28455c4cb33ef  sendmail-devel-8.13.1-3.RHEL4.3.ppc.rpm
    f94dff61d5f788c40a6da60bc54f35fd  sendmail-doc-8.13.1-3.RHEL4.3.ppc.rpm
    
    s390:
    c4a8cae7959a00d193e839219c451ccf  sendmail-8.13.1-3.RHEL4.3.s390.rpm
    de299b0e3f4fd221c13ae2112a1cc8db  sendmail-cf-8.13.1-3.RHEL4.3.s390.rpm
    af0b3dd5a26d1c2c375b9aa83bce4d66  sendmail-devel-8.13.1-3.RHEL4.3.s390.rpm
    4839491332c2ff2fff4316655e3004b4  sendmail-doc-8.13.1-3.RHEL4.3.s390.rpm
    
    s390x:
    035e31b624879ea90785783a4565b91e  sendmail-8.13.1-3.RHEL4.3.s390x.rpm
    a435f54801fe106550537e35078c115e  sendmail-cf-8.13.1-3.RHEL4.3.s390x.rpm
    585b0b0c27f4fb729c31037f0887c375  sendmail-devel-8.13.1-3.RHEL4.3.s390x.rpm
    8ba7aabd895330273240c1bcdbe295a8  sendmail-doc-8.13.1-3.RHEL4.3.s390x.rpm
    
    x86_64:
    798fc57962c9588440de9556f06fe3ab  sendmail-8.13.1-3.RHEL4.3.x86_64.rpm
    126a565b097fcf2d48b94e735686d083  sendmail-cf-8.13.1-3.RHEL4.3.x86_64.rpm
    8d60a35991c05a6fe959a529ade0959c  sendmail-devel-8.13.1-3.RHEL4.3.x86_64.rpm
    0bcbe2d9682b2505c439650f693a0b6c  sendmail-doc-8.13.1-3.RHEL4.3.x86_64.rpm
    
    Red Hat Enterprise Linux Desktop version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/sendmail-8.13.1-3.RHEL4.3.src.rpm
    e83dd254437bf7d4415a6be12c7a58da  sendmail-8.13.1-3.RHEL4.3.src.rpm
    
    i386:
    fba1a601a1ab106f67b22030ad090c28  sendmail-8.13.1-3.RHEL4.3.i386.rpm
    8ed398a86f127e08ee31b19f14deafc4  sendmail-cf-8.13.1-3.RHEL4.3.i386.rpm
    dade78569735970629e880969892b9f3  sendmail-devel-8.13.1-3.RHEL4.3.i386.rpm
    3e656f2c678aa19f32eaad782abada8a  sendmail-doc-8.13.1-3.RHEL4.3.i386.rpm
    
    x86_64:
    798fc57962c9588440de9556f06fe3ab  sendmail-8.13.1-3.RHEL4.3.x86_64.rpm
    126a565b097fcf2d48b94e735686d083  sendmail-cf-8.13.1-3.RHEL4.3.x86_64.rpm
    8d60a35991c05a6fe959a529ade0959c  sendmail-devel-8.13.1-3.RHEL4.3.x86_64.rpm
    0bcbe2d9682b2505c439650f693a0b6c  sendmail-doc-8.13.1-3.RHEL4.3.x86_64.rpm
    
    Red Hat Enterprise Linux ES version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/sendmail-8.13.1-3.RHEL4.3.src.rpm
    e83dd254437bf7d4415a6be12c7a58da  sendmail-8.13.1-3.RHEL4.3.src.rpm
    
    i386:
    fba1a601a1ab106f67b22030ad090c28  sendmail-8.13.1-3.RHEL4.3.i386.rpm
    8ed398a86f127e08ee31b19f14deafc4  sendmail-cf-8.13.1-3.RHEL4.3.i386.rpm
    dade78569735970629e880969892b9f3  sendmail-devel-8.13.1-3.RHEL4.3.i386.rpm
    3e656f2c678aa19f32eaad782abada8a  sendmail-doc-8.13.1-3.RHEL4.3.i386.rpm
    
    ia64:
    7b366e3fbfab8ce2a4cabff56c5dae2b  sendmail-8.13.1-3.RHEL4.3.ia64.rpm
    4d2625fc1981329a7a348b360c9c2209  sendmail-cf-8.13.1-3.RHEL4.3.ia64.rpm
    23e84e296ce17c5a18d2dd8ed3189d7e  sendmail-devel-8.13.1-3.RHEL4.3.ia64.rpm
    5d4ca9a18cc0cd9148679fc8e4b9b339  sendmail-doc-8.13.1-3.RHEL4.3.ia64.rpm
    
    x86_64:
    798fc57962c9588440de9556f06fe3ab  sendmail-8.13.1-3.RHEL4.3.x86_64.rpm
    126a565b097fcf2d48b94e735686d083  sendmail-cf-8.13.1-3.RHEL4.3.x86_64.rpm
    8d60a35991c05a6fe959a529ade0959c  sendmail-devel-8.13.1-3.RHEL4.3.x86_64.rpm
    0bcbe2d9682b2505c439650f693a0b6c  sendmail-doc-8.13.1-3.RHEL4.3.x86_64.rpm
    
    Red Hat Enterprise Linux WS version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/sendmail-8.13.1-3.RHEL4.3.src.rpm
    e83dd254437bf7d4415a6be12c7a58da  sendmail-8.13.1-3.RHEL4.3.src.rpm
    
    i386:
    fba1a601a1ab106f67b22030ad090c28  sendmail-8.13.1-3.RHEL4.3.i386.rpm
    8ed398a86f127e08ee31b19f14deafc4  sendmail-cf-8.13.1-3.RHEL4.3.i386.rpm
    dade78569735970629e880969892b9f3  sendmail-devel-8.13.1-3.RHEL4.3.i386.rpm
    3e656f2c678aa19f32eaad782abada8a  sendmail-doc-8.13.1-3.RHEL4.3.i386.rpm
    
    ia64:
    7b366e3fbfab8ce2a4cabff56c5dae2b  sendmail-8.13.1-3.RHEL4.3.ia64.rpm
    4d2625fc1981329a7a348b360c9c2209  sendmail-cf-8.13.1-3.RHEL4.3.ia64.rpm
    23e84e296ce17c5a18d2dd8ed3189d7e  sendmail-devel-8.13.1-3.RHEL4.3.ia64.rpm
    5d4ca9a18cc0cd9148679fc8e4b9b339  sendmail-doc-8.13.1-3.RHEL4.3.ia64.rpm
    
    x86_64:
    798fc57962c9588440de9556f06fe3ab  sendmail-8.13.1-3.RHEL4.3.x86_64.rpm
    126a565b097fcf2d48b94e735686d083  sendmail-cf-8.13.1-3.RHEL4.3.x86_64.rpm
    8d60a35991c05a6fe959a529ade0959c  sendmail-devel-8.13.1-3.RHEL4.3.x86_64.rpm
    0bcbe2d9682b2505c439650f693a0b6c  sendmail-doc-8.13.1-3.RHEL4.3.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and 
    details on how to verify the signature are available from
    https://www.redhat.com/security/team/key/#package
    
    7. References:
    
    https://www.kb.cert.org/vuls/id/834865
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
    
    8. Contact:
    
    The Red Hat security contact is .  More contact
    details at https://www.redhat.com/security/team/contact/
    
    Copyright 2006 Red Hat, Inc.
    

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"53","type":"x","order":"1","pct":86.89,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"6","type":"x","order":"2","pct":9.84,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"2","type":"x","order":"3","pct":3.28,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.