Explore top 10 tips to secure your open-source projects now. Read More
×sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other popular e-mail servers do not. This is . MGASA-2024-0270 - Updated sendmail packages fix security vulnerability Publication date: 16 Jul 2024 URL: https://advisories.mageia.org/MGASA-2024-0270.html Type: security Affected Mageia releases: 9 CVE: CVE-2023-51765 sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features. (CVE-2023-51765) References: - https://bugs.mageia.org/show_bug.cgi?id=32700 - https://www.openwall.com/lists/oss-security/2023/12/21/6 - https://www.openwall.com/lists/oss-security/2023/12/26/5 - https://www.cve.org/CVERecord?id=CVE-2023-51765 SRPMS: - 9/core/sendmail-8.17.1-4.1.mga9 . Mageia's MGASA-2024-0270 resolves the SMTP injection vulnerability found in sendmail. Important update information highlighted.. sendmail updates, SMTP vulnerability, Mageia security advisory, email security, SPF protection. . LinuxSecurity.com Team
Fixing CVE-2023-51765 (smtp smuggling) requires to reject email that include NUL bytes, in some configuration. Previous security version of sendmail, by default, does not . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3829-2
sendmail allowed SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3829-1
* bsc#1218351 Cross-References: * CVE-2023-51765 . # Security update for sendmail Announcement ID: SUSE-SU-2024:0742-1 Rating: moderate References: * bsc#1218351 Cross-References: * CVE-2023-51765 CVSS scores: * CVE-2023-51765 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-51765 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Legacy Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for sendmail fixes the following issues: * CVE-2023-51765: Fixed new SMTP smuggling attack. (bsc#1218351) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Legacy Module 12 zypper in -t patch SUSE-SLE-Module-Legacy-12-2024-742=1 ## Package List: * Legacy Module 12 (aarch64 ppc64le s390x x86_64) * sendmail-8.14.9-4.9.1 * sendmail-debuginfo-8.14.9-4.9.1 * sendmail-debugsource-8.14.9-4.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-51765.html *https://bugzilla.suse.com/show_bug.cgi?id=1218351 . Urgent security patch available for SUSE sendmail impacting multiple versions. Apply immediately to reduce vulnerabilities.. sendmail security, SUSE update, moderate severity, SMTP attack, software patching. . LinuxSecurity.com Team
This update for sendmail fixes the following issues: CVE-2023-51765: Fixed new SMTP smuggling attack. (bsc#1218351). # Security update for sendmail Announcement ID: SUSE-SU-2024:0743-1 Rating: moderate References: * bsc#1218351 Cross-References: * CVE-2023-51765 CVSS scores: * CVE-2023-51765 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-51765 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for sendmail fixes the following issues: * CVE-2023-51765: Fixed new SMTP smuggling attack. (bsc#1218351) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-743=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-743=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-743=1 ## Package List: * openSUSE Leap 15.5 (noarch) * sendmail-starttls-8.15.2-150000.8.12.1 * libmilter-doc-8.15.2-150000.8.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * sendmail-devel-8.15.2-150000.8.12.1 * rmail-debuginfo-8.15.2-150000.8.12.1 * libmilter1_0-debuginfo-8.15.2-150000.8.12.1 * libmilter1_0-8.15.2-150000.8.12.1 * sendmail-8.15.2-150000.8.12.1 * sendmail-debuginfo-8.15.2-150000.8.12.1 * rmail-8.15.2-150000.8.12.1 *sendmail-debugsource-8.15.2-150000.8.12.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libmilter1_0-debuginfo-8.15.2-150000.8.12.1 * sendmail-debugsource-8.15.2-150000.8.12.1 * sendmail-debuginfo-8.15.2-150000.8.12.1 * libmilter1_0-8.15.2-150000.8.12.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * rmail-debuginfo-8.15.2-150000.8.12.1 * sendmail-debugsource-8.15.2-150000.8.12.1 * rmail-8.15.2-150000.8.12.1 * sendmail-debuginfo-8.15.2-150000.8.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-51765.html * https://bugzilla.suse.com/show_bug.cgi?id=1218351 . The latest update for postfix tackles a notable vulnerability identified as CVE-2023-51766, fixing SMTP injection challenges in Fedora.. sendmail security update, openSUSE SMTP fix, moderate vulnerability. . LinuxSecurity.com Team
An update that solves one vulnerability and has one errata is now available. . SUSE Security Update: Security update for sendmail ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3898-1 Rating: important References: #1202937 #1204696 Cross-References: CVE-2022-31256 CVSS scores: CVE-2022-31256 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-31256 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Server SUSE Linux Enterprise Server for SAP Applications ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for sendmail fixes the following issues: - CVE-2022-31256: Fixed mail to root privilege escalation via sm-client.pre script (bsc#1204696, bsc#1202937). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2022-3898=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (aarch64 ppc64le s390x x86_64): sendmail-8.14.9-4.6.1 sendmail-debuginfo-8.14.9-4.6.1 sendmail-debugsource-8.14.9-4.6.1 References: https://www.suse.com/security/cve/CVE-2022-31256.html https://bugzilla.suse.com/1202937 https://bugzilla.suse.com/1204696 . Canonical Security Update for postfix tackles a significant vulnerability allowing privilege escalation, thereby enhancing overall systemprotection.. SUSE Linux, sendmail update, security patch, privilege escalation, important advisory. . Severity: Important. LinuxSecurity.com Team
An update that contains security fixes can now be installed. . SUSE Security Update: Security update for sendmail ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3529-1 Rating: important References: #1164084 Affected Products: SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Server SUSE Linux Enterprise Server for SAP Applications ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for sendmail fixes the following issues: - Fixed SMTP session reuse leading to STARTTLS not used even if offered (bsc#1164084). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2022-3529=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (aarch64 ppc64le s390x x86_64): sendmail-8.14.9-4.3.1 sendmail-debuginfo-8.14.9-4.3.1 sendmail-debugsource-8.14.9-4.3.1 References: https://bugzilla.suse.com/1164084 . Urgent patch available for sendmail addressing SMTP session reuse vulnerability on SUSE Linux. Apply without delay to boost system security.. SUSE Sendmail Update, SMTP Fixes, Server Security Updates. . Severity: Critical. LinuxSecurity.com Team
A vulnerability in sendmail could allow a local attacker to obtain sensitive information.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: sendmail: Information disclosure Date: December 22, 2014 Bugs: #511760 ID: 201412-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability in sendmail could allow a local attacker to obtain sensitive information. Background ========= sendmail is a widely-used Mail Transport Agent (MTA). Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-mta/sendmail < 8.14.9 > = 8.14.9 Description ========== The sm_close_on_exec function in conf.c has arguments in the wrong order. Impact ===== A local attacker could get access to unintended high-numbered file descriptors via a specially crafted program. Workaround ========= There is no known workaround at this time. Resolution ========= All sendmail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =mail-mta/sendmail-8.14.9" References ========= [ 1 ] CVE-2014-3956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3956 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201412-32 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Anysecurity concerns should be addressed to
Get the latest Linux and open source security news straight to your inbox.