---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated sendmail packages fix security issue
Advisory ID:       FLSA:195418
Issue date:        2006-10-29
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix, Security
CVE Names:         CVE-2006-1173
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated sendmail packages that fix a security issue are now available.

The sendmail package provides a widely used Mail Transport Agent (MTA).

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64

3. Problem description:

A flaw in the handling of multi-part MIME messages was discovered in
Sendmail. A remote attacker could create a carefully crafted message
that could crash the sendmail process during delivery (CVE-2006-1173).

Users of Sendmail are advised to upgrade to these erratum packages,
which contain a backported patch from the Sendmail team to correct this
issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

    rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

    yum update

or to use apt:

    apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195418

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/sendmail-8.12.11-4.22.11.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-8.12.11-4.22.11.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-cf-8.12.11-4.22.11.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-devel-8.12.11-4.22.11.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-doc-8.12.11-4.22.11.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/sendmail-8.12.11-4.24.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-8.12.11-4.24.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-cf-8.12.11-4.24.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-devel-8.12.11-4.24.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-doc-8.12.11-4.24.4.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/sendmail-8.12.11-4.25.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/sendmail-8.12.11-4.25.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/sendmail-cf-8.12.11-4.25.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/sendmail-devel-8.12.11-4.25.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/sendmail-doc-8.12.11-4.25.4.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/sendmail-8.12.11-4.26.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-8.12.11-4.26.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-cf-8.12.11-4.26.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-devel-8.12.11-4.26.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-doc-8.12.11-4.26.1.legacy.i386.rpm

Fedora Core 3:

SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/sendmail-8.13.1-4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-8.13.1-4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-cf-8.13.1-4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-devel-8.13.1-4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-doc-8.13.1-4.legacy.i386.rpm

x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/sendmail-8.13.1-4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/sendmail-cf-8.13.1-4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/sendmail-devel-8.13.1-4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/sendmail-doc-8.13.1-4.legacy.x86_64.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
http://www.kb.cert.org/vuls/id/146718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
http://rhn.redhat.com/errata/RHSA-2006-0515.html

9. Contact:

The Fedora Legacy security contact is .
More project details at http://www.fedoralegacy.org

---------------------------------------------------------------------
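
An added example, not part of the original advisory: a shell function that gates the wildcard form of `rpm -Fvh` from section 4 on the sha1sum check from section 7. It assumes the advisory's "SHA1 sum / Package Name" list has been saved to a text file, one "hash path" pair per line; the function name `verify_rpms` and the manifest file are hypothetical.

```shell
#!/bin/sh
# verify_rpms MANIFEST DIR   (added example; name and layout are assumptions)
# MANIFEST lines: "<40-hex sha1> <path/to/package.rpm>".
# Every *.rpm in DIR must be listed (matched by basename) and hash-match.
# Returns 0 only if all files pass; prints one status line per file.
verify_rpms() {
    manifest=$1
    dir=$2
    rc=0
    found=0
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue            # glob matched nothing
        found=1
        name=${f##*/}
        # Expected hash: first manifest entry whose basename equals $name.
        want=$(awk -v n="$name" '
            NF == 2 && length($1) == 40 {
                p = $2; sub(/.*\//, "", p)
                if (p == n) { print tolower($1); exit }
            }' "$manifest")
        if [ -z "$want" ]; then
            # A stray RPM would be picked up by "rpm -Fvh *.rpm".
            echo "UNLISTED  $name"
            rc=1
            continue
        fi
        got=$(sha1sum "$f" | awk '{ print $1 }')
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"
            rc=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "no RPMs found in $dir"
        rc=1
    fi
    return $rc
}

# Typical use, run from the download directory:
#   verify_rpms manifest.txt . && rpm -Fvh ./*.rpm
```

The check only compares files against the saved list; the GPG check with `rpm --checksig -v` is still what ties a package to the Fedora Legacy key.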