-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1155-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 24th, 2006                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : sendmail
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-1173
CERT advisory  : VU#146718
BugTraq ID     : 18433
Debian Bug     : 373801 380258

Frank Sheiness discovered that a MIME conversion routine in sendmail, a
powerful, efficient, and scalable mail transport agent, could be
tricked by a specially crafted mail to perform an endless recursion.

For the stable distribution (sarge) this problem has been fixed in
version 8.13.4-3sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 8.13.7-1.

We recommend that you upgrade your sendmail package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE7UX+W5ql+IAeqTIRAuSkAJ9vZ1QJw5o+LEiBfiQuFxB6P3nuuwCgqMH6
BQBhHFJ6SSX2VT9f5YlLNJ8=
=W116
-----END PGP SIGNATURE-----