-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  sendmail (SSA:2006-081-01)

New sendmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, and -current to fix a security issue.

Sendmail's advisory concerning this issue may be found here:
  https://www.proofpoint.com/us/products/email-protection/open-source-email-solution

This issue will appear in the Common Vulnerabilities and Exposures (CVE)
database at the following location:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058


Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/sendmail-8.13.6-i486-1.tgz:  Upgraded to sendmail-8.13.6.
  This new version of sendmail contains a fix for a security problem
  discovered by Mark Dowd of ISS X-Force.  From sendmail's advisory:
    Sendmail was notified by security researchers at ISS that, under some
    specific timing conditions, this vulnerability may permit a specifically
    crafted attack to take over the sendmail MTA process, allowing remote
    attackers to execute commands and run arbitrary programs on the system
    running the MTA, affecting email delivery, or tampering with other
    programs and data on this system.  Sendmail is not aware of any public
    exploit code for this vulnerability.  This connection-oriented
    vulnerability does not occur in the normal course of sending and
    receiving email.  It is only triggered when specific conditions are
    created through SMTP connection layer commands.
  Sendmail's complete advisory may be found here:
    https://www.proofpoint.com/us/products/email-protection/open-source-email-solution
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
  (* Security fix *)
patches/packages/sendmail-cf-8.13.6-noarch-1.tgz:
  Upgraded to sendmail-8.13.6 configuration files.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated packages for Slackware 8.1:

Updated packages for Slackware 9.0:

Updated packages for Slackware 9.1:

Updated packages for Slackware 10.0:

Updated packages for Slackware 10.1:

Updated packages for Slackware 10.2:

Updated packages for Slackware -current:


MD5 signatures:
+-------------+

Slackware 8.1 packages:
e999863fc475210e60cf1ee0a261c252  sendmail-8.13.6-i386-1.tgz
7afa82a6bc0416a056eb2bed6eec80cc  sendmail-cf-8.13.6-noarch-1.tgz

Slackware 9.0 packages:
2f3e3ab6501d7c692c0b60a24576f588  sendmail-8.13.6-i386-1.tgz
d9741b293311989533e8fe047cd0edaa  sendmail-cf-8.13.6-noarch-1.tgz

Slackware 9.1 packages:
f8b27b802cc2d2971648d67b2b3bb8c1  sendmail-8.13.6-i486-1.tgz
81949d02b934c1d0faa60034a712cd2d  sendmail-cf-8.13.6-noarch-1.tgz

Slackware 10.0 packages:
58cb92a015c79e0122edf86d0db65ae6  sendmail-8.13.6-i486-1.tgz
503b025e94cb495eeccf12f2531c3fc0  sendmail-cf-8.13.6-noarch-1.tgz

Slackware 10.1 packages:
840ac3cda6c6cd0a7056e356bc4f8160  sendmail-8.13.6-i486-1.tgz
5ba1def76a387c20274a3710681286f6  sendmail-cf-8.13.6-noarch-1.tgz

Slackware 10.2 packages:
68ba3f436ce577463baf0633282aaa45  sendmail-8.13.6-i486-1.tgz
789837f2b7fe8f00851b66780a38fb67  sendmail-cf-8.13.6-noarch-1.tgz

Slackware -current packages:
0e34e5def2ecf92ca4ba82f6a403c079  sendmail-8.13.6-i486-1.tgz
7321cc3bb735164777e7c5c54b23b641  sendmail-cf-8.13.6-noarch-1.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg sendmail-8.13.6-i486-1.tgz sendmail-cf-8.13.6-noarch-1.tgz

Restart sendmail:
# . /etc/rc.d/rc.sendmail restart


+-----+

Slackware: 2006-081-01: sendmail Security Update

March 22, 2006
New sendmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue

Summary

Here are the details from the Slackware 10.2 ChangeLog: patches/packages/sendmail-8.13.6-i486-1.tgz: Upgraded to sendmail-8.13.6. This new version of sendmail contains a fix for a security problem discovered by Mark Dowd of ISS X-Force. From sendmail's advisory: Sendmail was notified by security researchers at ISS that, under some specific timing conditions, this vulnerability may permit a specifically crafted attack to take over the sendmail MTA process, allowing remote attackers to execute commands and run arbitrary programs on the system running the MTA, affecting email delivery, or tampering with other programs and data on this system. Sendmail is not aware of any public exploit code for this vulnerability. This connection-oriented vulnerability does not occur in the normal course of sending and receiving email. It is only triggered when specific conditions are created through SMTP connection layer commands. Sendmail's complete advisory may be found here: https://www.proofpoint.com/us/products/email-protection/open-source-email-solution The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058 (* Security fix *) patches/packages/sendmail-cf-8.13.6-noarch-1.tgz: Upgraded to sendmail-8.13.6 configuration files.

Where Find New Packages

Updated packages for Slackware 8.1:
Updated packages for Slackware 9.0:
Updated packages for Slackware 9.1:
Updated packages for Slackware 10.0:
Updated packages for Slackware 10.1:
Updated packages for Slackware 10.2:
Updated packages for Slackware -current:

MD5 Signatures

Slackware 8.1 packages: e999863fc475210e60cf1ee0a261c252 sendmail-8.13.6-i386-1.tgz 7afa82a6bc0416a056eb2bed6eec80cc sendmail-cf-8.13.6-noarch-1.tgz
Slackware 9.0 packages: 2f3e3ab6501d7c692c0b60a24576f588 sendmail-8.13.6-i386-1.tgz d9741b293311989533e8fe047cd0edaa sendmail-cf-8.13.6-noarch-1.tgz
Slackware 9.1 packages: f8b27b802cc2d2971648d67b2b3bb8c1 sendmail-8.13.6-i486-1.tgz 81949d02b934c1d0faa60034a712cd2d sendmail-cf-8.13.6-noarch-1.tgz
Slackware 10.0 packages: 58cb92a015c79e0122edf86d0db65ae6 sendmail-8.13.6-i486-1.tgz 503b025e94cb495eeccf12f2531c3fc0 sendmail-cf-8.13.6-noarch-1.tgz
Slackware 10.1 packages: 840ac3cda6c6cd0a7056e356bc4f8160 sendmail-8.13.6-i486-1.tgz 5ba1def76a387c20274a3710681286f6 sendmail-cf-8.13.6-noarch-1.tgz
Slackware 10.2 packages: 68ba3f436ce577463baf0633282aaa45 sendmail-8.13.6-i486-1.tgz 789837f2b7fe8f00851b66780a38fb67 sendmail-cf-8.13.6-noarch-1.tgz
Slackware -current packages: 0e34e5def2ecf92ca4ba82f6a403c079 sendmail-8.13.6-i486-1.tgz 7321cc3bb735164777e7c5c54b23b641 sendmail-cf-8.13.6-noarch-1.tgz

Severity
[slackware-security] sendmail (SSA:2006-081-01)
New sendmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue.
Sendmail's advisory concerning this issue may be found here: https://www.proofpoint.com/us/products/email-protection/open-source-email-solution
This issue will appear in the Common Vulnerabilities and Exposures (CVE) database at the following location: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg sendmail-8.13.6-i486-1.tgz sendmail-cf-8.13.6-noarch-1.tgz Restart sendmail: # . /etc/rc.d/rc.sendmail restart

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved