Debian GNU/Linux
Debian Security Advisory DSA 1013-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
March 22nd, 2006 http://www.debian.org/security/faq
Package : snmptrapfmt
Vulnerability : insecure temporary file
Problem type : local
Debian-specific: no
CVE ID : CVE-2006-0050
Will Aoki discovered that snmptrapfmt, a configurable snmp trap
handler daemon for snmpd, does not prevent overwriting existing
files when writing to a temporary log file.
For the old stable distribution (woody) this problem has been
fixed in version 1.03woody1.
For the stable distribution (sarge) this problem has been fixed
in version 1.08sarge1.
For the unstable distribution (sid) this problem has been fixed
in version 1.10-1.
We recommend that you upgrade your snmptrapfmt package.
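The class of bug described above, as an added example (not snmptrapfmt's code, which this advisory does not reproduce): a log file opened at a predictable name without O_EXCL follows a symlink that already sits at that name and clobbers its target, while the hardened open refuses. The file names, the sample content and the `victim_survives` helper are constructed for the demonstration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* O_NOFOLLOW and mkdtemp on strict builds */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define VICTIM_TEXT "important data\n"   /* constructed sample content */

/* Assumed pre-fix pattern: O_CREAT alone reuses whatever already exists at
 * the name, including the target of a symlink, and O_TRUNC empties it. */
static int open_log_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened pattern: O_EXCL makes the create fail with EEXIST when anything,
 * even a dangling symlink, already occupies the name. */
static int open_log_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Returns 1 when the file holds exactly the expected text. */
static int file_equals(const char *path, const char *expect)
{
    char buf[64] = {0};
    ssize_t n;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return 0;
    n = read(fd, buf, sizeof buf - 1);
    close(fd);
    return n >= 0 && strcmp(buf, expect) == 0;
}

/* Builds a private scratch directory, places a symlink at the log name that
 * points to an unrelated file, runs one of the two open routines and reports
 * whether the unrelated file kept its content: 1 intact, 0 clobbered,
 * -1 setup error. */
int victim_survives(int hardened)
{
    char dir[] = "/tmp/tmplog-demo-XXXXXX";
    char victim[128], logname[128];
    int fd, intact;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    snprintf(logname, sizeof logname, "%s/trap.log", dir);

    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    if (write(fd, VICTIM_TEXT, strlen(VICTIM_TEXT)) < 0) {
        close(fd);
        return -1;
    }
    close(fd);

    /* The predictable log name already exists as a symlink. */
    if (symlink(victim, logname) != 0)
        return -1;

    fd = hardened ? open_log_safe(logname) : open_log_unsafe(logname);
    if (fd >= 0) {
        if (write(fd, "trap received\n", 14) < 0)
            perror("write");
        close(fd);
    }
    intact = file_equals(victim, VICTIM_TEXT);

    unlink(logname);
    unlink(victim);
    rmdir(dir);
    return intact;
}

int main(void)
{
    printf("unsafe open:   victim intact = %d\n", victim_survives(0));
    printf("hardened open: victim intact = %d\n", victim_survives(1));
    return 0;
}
```

For a true temporary file, `mkstemp()` combines the exclusive create with an unpredictable name.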
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Fedora Core
Fedora Update Notification
FEDORA-2006-193
2006-03-22
Product : Fedora Core 5
Name : sendmail
Version : 8.13.6
Release : 0.FC5.1
Summary : A widely used Mail Transport Agent (MTA).
Description :
The Sendmail program is a very widely used Mail Transport Agent
(MTA). MTAs send mail from one machine to another. Sendmail is not
a client program, which you use to read your email. Sendmail is a
behind-the-scenes program which actually moves your email over
networks or the Internet to where you want it to go.
If you ever need to reconfigure Sendmail, you will also need to
have the sendmail.cf package installed. If you need documentation
on Sendmail, you can install the sendmail-doc package.
Update Information:
Fixes CVE-2006-0058:
A flaw in the handling of asynchronous signals. A remote
attacker may be able to exploit a race condition to execute
arbitrary code as root.
* Wed Mar 22 2006 Thomas Woerner <twoerner@redhat.com> 8.13.6-0.FC5.1
- new version 8.13.6 (fixes VU#834865)
- dropped libmilter-sigwait patch (fixed in 8.13.6)
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
This update can be installed with the ‘yum’ update program. Use
‘yum update package-name’ at the command line. For more
information, refer to ‘Managing Software with yum,’ available at
http://fedora.redhat.com/docs/yum/.
Fedora Update Notification
FEDORA-2006-194
2006-03-22
Product : Fedora Core 4
Name : sendmail
Version : 8.13.6
Release : 0.FC4.1
Summary : A widely used Mail Transport Agent (MTA).
Description :
The Sendmail program is a very widely used Mail Transport Agent
(MTA). MTAs send mail from one machine to another. Sendmail is not
a client program, which you use to read your email. Sendmail is a
behind-the-scenes program which actually moves your email over
networks or the Internet to where you want it to go.
If you ever need to reconfigure Sendmail, you will also need to
have the sendmail.cf package installed. If you need documentation
on Sendmail, you can install the sendmail-doc package.
Update Information:
Fixes CVE-2006-0058:
A flaw in the handling of asynchronous signals. A remote
attacker may be able to exploit a race condition to execute
arbitrary code as root.
* Wed Mar 22 2006 Thomas Woerner <twoerner@redhat.com> 8.13.6-0.FC4.1
- new version 8.13.6 (fixes VU#834865)
- dropped libmilter-sigwait patch (fixed in 8.13.6)
- fixed selinuxenabled path in initscript
- appended ‘dnl’ to cert tags in sendmail.mc
- fixed email address in changelog
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2006:058
http://www.mandriva.com/security/
Package : sendmail
Date : March 22, 2006
Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0
Problem Description:
A race condition was reported in how sendmail handles
asynchronous signals. This could allow a remote attacker to
execute arbitrary code with the privileges of the user running
sendmail.
The updated packages have been patched to correct this problem
via a patch provided by the Sendmail Consortium via CERT.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
http://www.cert.org/advisories/834865
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Mandriva Linux Security Advisory MDKSA-2006:059
http://www.mandriva.com/security/
Package : kernel
Date : March 22, 2006
Affected: 2006.0
Problem Description:
A number of vulnerabilities were discovered and corrected in the
Linux 2.6 kernel:
sysctl.c in the Linux kernel prior to 2.6.14.1 allows local users to cause a
Denial of Service (kernel oops) and possibly execute code by
opening an interface file in /proc/sys/net/ipv4/conf/, waiting
until the interface is unregistered, then obtaining and modifying
function pointers in memory that was used for the ctl_table
(CVE-2005-2709).
Multiple vulnerabilities in versions prior to 2.6.13.2 allow local users to cause a DoS
(oops from null dereference) via fput in a 32bit ioctl on 64-bit
x86 systems or sockfd_put in the 32-bit routing_ioctl function on
64-bit systems (CVE-2005-3044). Note that this was previously
partially corrected in MDKSA-2005:235.
Prior to 2.6.14, the kernel’s atm module allows local users to
cause a DoS (panic) via certain socket calls that produce
inconsistent reference counts for loadable protocol modules
(CVE-2005-3359).
A race condition in the (1) add_key, (2) request_key, and (3)
keyctl functions in the 2.6.x kernel allows local users to cause a
DoS (crash) or read sensitive kernel memory by modifying the length
of a string argument between the time that the kernel calculates
the length and when it copies the data into kernel memory
(CVE-2006-0457).
Prior to 2.6.15.5, the kernel allows local users to obtain
sensitive information via a crafted XFS ftruncate call, which may
return stale data (CVE-2006-0554).
Prior to 2.6.15.5, the kernel allows local users to cause a DoS
(NFS client panic) via unknown attack vectors related to the use of
O_DIRECT (CVE-2006-0555).
Prior to and including kernel 2.6.16, sys_mbind in mempolicy.c
does not sanity check the maxnod variable before making certain
computations, which has an unknown impact and attack vectors
(CVE-2006-0557).
Prior to 2.6.15.5, the kernel allows local users to cause a DoS
(“endless recursive fault”) via unknown attack vectors related to a
“bad elf entry address” on Intel processors (CVE-2006-0741).
Prior to 2.6.15.6, the die_if_kernel function in the kernel can
allow local users to cause a DoS by causing user faults on Itanium
systems (CVE-2006-0742).
A race in the signal-handling code which allows a process to
become unkillable when the race is triggered was also fixed.
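An added illustration of the add_key/request_key/keyctl race described above (CVE-2006-0457), written as a userspace model and not taken from the kernel source: `user_mem`, `DESC_MAX` and the `racer` hook are assumptions standing in for caller-controlled memory and a concurrent writer. It contrasts measuring the length and then copying with taking one bounded snapshot and deriving the length from that private copy.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DESC_MAX 32   /* assumed upper bound on the string argument */

/* Constructed stand-in for caller-controlled memory. When set, 'racer' runs
 * once between two steps to model another thread rewriting the buffer. */
struct user_mem {
    char data[DESC_MAX];
    void (*racer)(struct user_mem *);
};

/* The concurrent writer: overwrites the terminator so the string "grows". */
static void grow_string(struct user_mem *u)
{
    memset(u->data, 'A', sizeof u->data);
    u->racer = NULL;
}

/* Double fetch: the length is read first and the bytes are copied later.
 * Returns 1 if the private copy is NUL-terminated inside its allocation,
 * 0 if it is not, -1 on error. */
int copy_double_fetch(struct user_mem *u)
{
    const char *nul = memchr(u->data, '\0', sizeof u->data);   /* fetch 1 */
    size_t len;
    char *k;
    int ok;

    if (nul == NULL)
        return -1;
    len = (size_t)(nul - u->data);
    if (u->racer)
        u->racer(u);                       /* window between the fetches */
    k = malloc(len + 1);
    if (k == NULL)
        return -1;
    memcpy(k, u->data, len + 1);           /* fetch 2: content has changed */
    ok = memchr(k, '\0', len + 1) != NULL; /* later string code relies on this */
    free(k);
    return ok;
}

/* Single fetch: one bounded snapshot, forced terminator, and the length is
 * taken from the snapshot, so a later rewrite of the source cannot matter.
 * Returns 1 if the copy still matches the measured length, -1 on error. */
int copy_single_fetch(struct user_mem *u)
{
    char *k = malloc(DESC_MAX);
    size_t len;
    int ok;

    if (k == NULL)
        return -1;
    memcpy(k, u->data, DESC_MAX - 1);      /* the only read of caller memory */
    k[DESC_MAX - 1] = '\0';
    len = strlen(k);
    if (u->racer)
        u->racer(u);                       /* rewrite arrives too late */
    ok = (size_t)((char *)memchr(k, '\0', DESC_MAX) - k) == len;
    free(k);
    return ok;
}

/* Runs one routine against a constructed sample string. */
int run_case(int single_fetch, int racing)
{
    struct user_mem u = { "user:demo-key", racing ? grow_string : NULL };
    return single_fetch ? copy_single_fetch(&u) : copy_double_fetch(&u);
}

int main(void)
{
    printf("double fetch, no race: terminated = %d\n", run_case(0, 0));
    printf("double fetch, race:    terminated = %d\n", run_case(0, 1));
    printf("single fetch, race:    terminated = %d\n", run_case(1, 1));
    return 0;
}
```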
In addition to these security fixes, other fixes have been
included such as:
- add ich8 support
- libata locking rewrite
- libata clear ATA_QCFLAG_ACTIVE flag before calling the
completion callback
- support the Acer Aspire 5xxx/3xxx series in the acerhk
module
- USB storage: remove info sysfs file as it violates the sysfs
one value per file rule
- fix OOPS in sysfs_hash_and_remove_file()
- pl2303 USB driver fixes; makes pl2303HX chip work
correctly
- fix OOPS in IPMI driver which is probably caused when trying to
use ACPI functions when ACPI was not properly initialized
- fix de_thread() racy BUG_ON()
The provided packages are patched to fix these vulnerabilities.
All users are encouraged to upgrade to these updated kernels.
To update your kernel, please follow the directions located
at:
http://www.mandriva.com/en/security/kernelupdate
Please note that users using the LSI Logic 53c1030 dual-channel
ultra 320 SCSI card will need to re-create their initrd images
manually prior to rebooting in order to fix a bug that prevents
booting. A future update will correct this problem. To do this,
execute:
# rm /boot/initrd-2.6.12-18mdk.img
# mkinitrd /boot/initrd-2.6.12-18mdk.img 2.6.12-18mdk --with-module=mptspi
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3359
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0742
Red Hat Linux
Red Hat Security Advisory
Synopsis: Critical: sendmail security update
Advisory ID: RHSA-2006:0264-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0264.html
Issue date: 2006-03-22
Updated on: 2006-03-22
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-0058
1. Summary:
Updated sendmail packages to fix a security issue are now
available for Red Hat Enterprise Linux 3 and 4.
This update has been rated as having critical security impact by
the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Desktop version 3 – i386, x86_64
Red Hat Enterprise Linux ES version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64
3. Problem description:
Sendmail is a Mail Transport Agent (MTA) used to send mail
between machines.
A flaw in the handling of asynchronous signals was discovered in
Sendmail. A remote attacker may be able to exploit a race condition
to execute arbitrary code as root. The Common Vulnerabilities and
Exposures project assigned the name CVE-2006-0058 to this
issue.
By default on Red Hat Enterprise Linux 3 and 4, Sendmail is
configured to only accept connections from the local host.
Therefore, only users who have configured Sendmail to listen to
remote hosts could be remotely exploited through this
vulnerability.
Users of Sendmail are advised to upgrade to these erratum
packages, which contain a backported patch from the Sendmail team
to correct this issue.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:
up2date
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
184465 – CVE-2006-0058 Sendmail race condition issue
6. RPMs required:
e83dd254437bf7d4415a6be12c7a58da
sendmail-8.13.1-3.RHEL4.3.src.rpm
i386:
fba1a601a1ab106f67b22030ad090c28
sendmail-8.13.1-3.RHEL4.3.i386.rpm
8ed398a86f127e08ee31b19f14deafc4
sendmail-cf-8.13.1-3.RHEL4.3.i386.rpm
dade78569735970629e880969892b9f3
sendmail-devel-8.13.1-3.RHEL4.3.i386.rpm
3e656f2c678aa19f32eaad782abada8a
sendmail-doc-8.13.1-3.RHEL4.3.i386.rpm
ia64:
7b366e3fbfab8ce2a4cabff56c5dae2b
sendmail-8.13.1-3.RHEL4.3.ia64.rpm
4d2625fc1981329a7a348b360c9c2209
sendmail-cf-8.13.1-3.RHEL4.3.ia64.rpm
23e84e296ce17c5a18d2dd8ed3189d7e
sendmail-devel-8.13.1-3.RHEL4.3.ia64.rpm
5d4ca9a18cc0cd9148679fc8e4b9b339
sendmail-doc-8.13.1-3.RHEL4.3.ia64.rpm
x86_64:
798fc57962c9588440de9556f06fe3ab
sendmail-8.13.1-3.RHEL4.3.x86_64.rpm
126a565b097fcf2d48b94e735686d083
sendmail-cf-8.13.1-3.RHEL4.3.x86_64.rpm
8d60a35991c05a6fe959a529ade0959c
sendmail-devel-8.13.1-3.RHEL4.3.x86_64.rpm
0bcbe2d9682b2505c439650f693a0b6c
sendmail-doc-8.13.1-3.RHEL4.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://www.kb.cert.org/vuls/id/834865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
Red Hat Security Advisory
Synopsis: Critical: sendmail security update
Advisory ID: RHSA-2006:0265-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0265.html
Issue date: 2006-03-22
Updated on: 2006-03-22
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-0058
1. Summary:
Updated sendmail packages to fix a security issue are now
available for Red Hat Enterprise Linux 2.1.
This update has been rated as having critical security impact by
the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 –
i386, ia64
Red Hat Linux Advanced Workstation 2.1 – ia64
Red Hat Enterprise Linux ES version 2.1 – i386
Red Hat Enterprise Linux WS version 2.1 – i386
3. Problem description:
Sendmail is a Mail Transport Agent (MTA) used to send mail
between machines.
A flaw in the handling of asynchronous signals was discovered in
Sendmail. A remote attacker may be able to exploit a race condition
to execute arbitrary code as root. The Common Vulnerabilities and
Exposures project assigned the name CVE-2006-0058 to this
issue.
By default on Red Hat Enterprise Linux 2.1, Sendmail is
configured to only accept connections from the local host.
Therefore, only systems on which Sendmail has been configured to
listen for connections from remote hosts can be remotely exploited
through this vulnerability.
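One way to check which case a host falls into, as an added example that is not part of the advisory: the function below reads the DaemonPortOptions lines of a sendmail.cf and reports whether every listener is bound to loopback. The function name sendmail_exposure and the sample file are constructed for illustration; on a real host the file is assumed to be /etc/mail/sendmail.cf.

```shell
#!/bin/sh
# Added example: classify a sendmail.cf by listener exposure.
# Prints "local-only" when every DaemonPortOptions line binds to loopback,
# "remote" otherwise, and "unreadable" if the file cannot be read.
sendmail_exposure() {
    cf="$1"
    [ -r "$cf" ] || { echo "unreadable"; return 2; }
    # Active option lines start with "O"; commented-out ones start with "#".
    opts=$(grep -E '^O[[:space:]]+DaemonPortOptions=' "$cf" || true)
    # No explicit option at all: sendmail listens on every interface.
    [ -n "$opts" ] || { echo "remote"; return 0; }
    result="local-only"
    while IFS= read -r line; do
        # Split the comma-separated key=value list and pick out Addr=.
        addr=$(printf '%s\n' "$line" \
            | sed 's/^O[[:space:]]*DaemonPortOptions=//' \
            | tr ',' '\n' \
            | sed -n 's/^[[:space:]]*Addr=//p' \
            | head -n 1)
        case "$addr" in
            127.*|localhost|::1) ;;      # loopback only
            *) result="remote" ;;        # empty Addr means all interfaces
        esac
    done <<EOF
$opts
EOF
    echo "$result"
}

# Constructed sample configuration (not taken from the advisory).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# O DaemonPortOptions=Port=smtp, Name=MTA
O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
EOF
echo "sample: $(sendmail_exposure "$sample")"
rm -f "$sample"
```

A result of "remote" means at least one listener is reachable from other hosts, so that system should be updated first.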
In order to correct this issue for Red Hat Enterprise Linux 2.1
users, it was necessary to upgrade the version of Sendmail from
8.11 as originally shipped to Sendmail 8.12 with the addition of
the security patch supplied by Sendmail Inc. This erratum provides
updated packages based on Sendmail 8.12 with a compatibility mode
enabled. After updating to these packages, users should pay close
attention to their sendmail logs to ensure that the upgrade
completed successfully.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:
up2date
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
184465 – CVE-2006-0058 Sendmail race condition issue
6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References: