Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 526
Alerts This Week
Warning Icon 1 526

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 54 articles for you...
203

Mageia 9: MGASA-2024-0270 Moderate: Sendmail SMTP Spoofing Threat

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other popular e-mail servers do not. This is . MGASA-2024-0270 - Updated sendmail packages fix security vulnerability Publication date: 16 Jul 2024 URL: https://advisories.mageia.org/MGASA-2024-0270.html Type: security Affected Mageia releases: 9 CVE: CVE-2023-51765 sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features. (CVE-2023-51765) References: - https://bugs.mageia.org/show_bug.cgi?id=32700 - https://www.openwall.com/lists/oss-security/2023/12/21/6 - https://www.openwall.com/lists/oss-security/2023/12/26/5 - https://www.cve.org/CVERecord?id=CVE-2023-51765 SRPMS: - 9/core/sendmail-8.17.1-4.1.mga9 . Mageia's MGASA-2024-0270 resolves the SMTP injection vulnerability found in sendmail. Important update information highlighted.. sendmail updates, SMTP vulnerability, Mageia security advisory, email security, SPF protection. . LinuxSecurity.com Team

Calendar%202 Jul 16, 2024 Mageia
197

Debian 10: DLA-3829-2 Critical: Sendmail Fix for SMTP Smuggling

Fixing CVE-2023-51765 (smtp smuggling) requires to reject email that include NUL bytes, in some configuration. Previous security version of sendmail, by default, does not . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3829-2 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Bastien Roucariès June 20, 2024 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : sendmail Version : 8.15.2-14~deb10u3 Fixing CVE-2023-51765 (smtp smuggling) requires to reject email that include NUL bytes, in some configuration. Previous security version of sendmail, by default, does not reject email that include NUL bytes. For Debian 10 buster, this problem has been fixed in version 8.15.2-14~deb10u3. We recommend that you upgrade your sendmail packages. For the detailed security status of sendmail please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/sendmail Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Mitigations for sendmail weakness CVE-2023-51765 are incorporated in Debian LTS DLA-3829-2. It is advisable to upgrade for enhanced security.. Debian Sendmail Update, SMTP Smuggling Fix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 20, 2024 Critical Debian LTS
197

Debian 10 Buster DLA-3829-1 Critical: Sendmail SMTP Injection Risk

sendmail allowed SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3829-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Bastien Roucariès June 15, 2024 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : sendmail Version : 8.15.2-14~deb10u2 CVE ID : CVE-2023-51765 Debian Bug : 1059386 sendmail allowed SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other popular e-mail servers do not. This particular injection vulnerability has been closed, unfortunatly full closure need to reject mail that contain NUL (0x00 byte). This is slighly non conformant with RFC and could be opt-out by setting confREJECT_NUL to 'false' in sendmail.mc file. For Debian 10 buster, this problem has been fixed in version 8.15.2-14~deb10u2. We recommend that you upgrade your sendmail packages. For the detailed security status of sendmail please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/sendmail Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Ubuntu Security Notice USN-4891-1 tackles the vulnerability in apache2's remote code execution issue, enhancing server integrity.. sendmail Security, Debian Updates, SMTP Injection, Email Security, LTS Advisory. . Severity: Critical.LinuxSecurity.com Team

Calendar%202 Jun 15, 2024 Critical Debian LTS
100

SUSE: 2024:0742-1 Moderate: Sendmail SMTP Smuggling Attack

* bsc#1218351 Cross-References: * CVE-2023-51765 . # Security update for sendmail Announcement ID: SUSE-SU-2024:0742-1 Rating: moderate References: * bsc#1218351 Cross-References: * CVE-2023-51765 CVSS scores: * CVE-2023-51765 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-51765 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Legacy Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for sendmail fixes the following issues: * CVE-2023-51765: Fixed new SMTP smuggling attack. (bsc#1218351) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Legacy Module 12 zypper in -t patch SUSE-SLE-Module-Legacy-12-2024-742=1 ## Package List: * Legacy Module 12 (aarch64 ppc64le s390x x86_64) * sendmail-8.14.9-4.9.1 * sendmail-debuginfo-8.14.9-4.9.1 * sendmail-debugsource-8.14.9-4.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-51765.html *https://bugzilla.suse.com/show_bug.cgi?id=1218351 . Urgent security patch available for SUSE sendmail impacting multiple versions. Apply immediately to reduce vulnerabilities.. sendmail security, SUSE update, moderate severity, SMTP attack, software patching. . LinuxSecurity.com Team

Calendar%202 Mar 04, 2024 SuSE
202

openSUSE 15.5: 2024:0743-1 Moderate: sendmail SMTP Attack

This update for sendmail fixes the following issues: CVE-2023-51765: Fixed new SMTP smuggling attack. (bsc#1218351). # Security update for sendmail Announcement ID: SUSE-SU-2024:0743-1 Rating: moderate References: * bsc#1218351 Cross-References: * CVE-2023-51765 CVSS scores: * CVE-2023-51765 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-51765 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for sendmail fixes the following issues: * CVE-2023-51765: Fixed new SMTP smuggling attack. (bsc#1218351) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-743=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-743=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-743=1 ## Package List: * openSUSE Leap 15.5 (noarch) * sendmail-starttls-8.15.2-150000.8.12.1 * libmilter-doc-8.15.2-150000.8.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * sendmail-devel-8.15.2-150000.8.12.1 * rmail-debuginfo-8.15.2-150000.8.12.1 * libmilter1_0-debuginfo-8.15.2-150000.8.12.1 * libmilter1_0-8.15.2-150000.8.12.1 * sendmail-8.15.2-150000.8.12.1 * sendmail-debuginfo-8.15.2-150000.8.12.1 * rmail-8.15.2-150000.8.12.1 *sendmail-debugsource-8.15.2-150000.8.12.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libmilter1_0-debuginfo-8.15.2-150000.8.12.1 * sendmail-debugsource-8.15.2-150000.8.12.1 * sendmail-debuginfo-8.15.2-150000.8.12.1 * libmilter1_0-8.15.2-150000.8.12.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * rmail-debuginfo-8.15.2-150000.8.12.1 * sendmail-debugsource-8.15.2-150000.8.12.1 * rmail-8.15.2-150000.8.12.1 * sendmail-debuginfo-8.15.2-150000.8.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-51765.html * https://bugzilla.suse.com/show_bug.cgi?id=1218351 . The latest update for postfix tackles a notable vulnerability identified as CVE-2023-51766, fixing SMTP injection challenges in Fedora.. sendmail security update, openSUSE SMTP fix, moderate vulnerability. . LinuxSecurity.com Team

Calendar%202 Mar 04, 2024 OpenSUSE
100

SUSE 2022:3898-1 Important: Sendmail Privilege Escalation

An update that solves one vulnerability and has one errata is now available. . SUSE Security Update: Security update for sendmail ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3898-1 Rating: important References: #1202937 #1204696 Cross-References: CVE-2022-31256 CVSS scores: CVE-2022-31256 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-31256 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Server SUSE Linux Enterprise Server for SAP Applications ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for sendmail fixes the following issues: - CVE-2022-31256: Fixed mail to root privilege escalation via sm-client.pre script (bsc#1204696, bsc#1202937). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2022-3898=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (aarch64 ppc64le s390x x86_64): sendmail-8.14.9-4.6.1 sendmail-debuginfo-8.14.9-4.6.1 sendmail-debugsource-8.14.9-4.6.1 References: https://www.suse.com/security/cve/CVE-2022-31256.html https://bugzilla.suse.com/1202937 https://bugzilla.suse.com/1204696 . Canonical Security Update for postfix tackles a significant vulnerability allowing privilege escalation, thereby enhancing overall systemprotection.. SUSE Linux, sendmail update, security patch, privilege escalation, important advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 08, 2022 Important SuSE
100

SUSE: 2022:3529-1 Critical: Sendmail SMTP Session Issue

An update that contains security fixes can now be installed. . SUSE Security Update: Security update for sendmail ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:3529-1 Rating: important References: #1164084 Affected Products: SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Server SUSE Linux Enterprise Server for SAP Applications ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for sendmail fixes the following issues: - Fixed SMTP session reuse leading to STARTTLS not used even if offered (bsc#1164084). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2022-3529=1 Package List: - SUSE Linux Enterprise Module for Legacy Software 12 (aarch64 ppc64le s390x x86_64): sendmail-8.14.9-4.3.1 sendmail-debuginfo-8.14.9-4.3.1 sendmail-debugsource-8.14.9-4.3.1 References: https://bugzilla.suse.com/1164084 . Urgent patch available for sendmail addressing SMTP session reuse vulnerability on SUSE Linux. Apply without delay to boost system security.. SUSE Sendmail Update, SMTP Fixes, Server Security Updates. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Oct 05, 2022 Critical SuSE
91

Gentoo: GLSA-202308-15 Normal: Postfix Security Vulnerability

A vulnerability in sendmail could allow a local attacker to obtain sensitive information.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: sendmail: Information disclosure Date: December 22, 2014 Bugs: #511760 ID: 201412-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability in sendmail could allow a local attacker to obtain sensitive information. Background ========= sendmail is a widely-used Mail Transport Agent (MTA). Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mail-mta/sendmail < 8.14.9 > = 8.14.9 Description ========== The sm_close_on_exec function in conf.c has arguments in the wrong order. Impact ===== A local attacker could get access to unintended high-numbered file descriptors via a specially crafted program. Workaround ========= There is no known workaround at this time. Resolution ========= All sendmail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =mail-mta/sendmail-8.14.9" References ========= [ 1 ] CVE-2014-3956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3956 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201412-32 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Anysecurity concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . This notice pertains to a data exposure issue found in Sendmail for Gentoo. A security update is advised.. Gentoo Security Advisory, Sendmail Information Disclosure, Software Upgrade. . LinuxSecurity.com Team

Calendar%202 Dec 22, 2014 Gentoo
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200