Fedora Legacy Test Update Notification: sendmail

Jesse Keating jkeating at j2solutions.net
Thu Mar 23 07:50:47 UTC 2006 

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-186277
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186277
2006-03-22
---------------------------------------------------------------------

Name        : sendmail
Versions    : rh73: sendmail-8.12.11-4.22.9.legacy
Versions    : rh9: sendmail-8.12.11-4.24.1.legacy
Versions    : fc1: sendmail-8.12.11-4.25.1.legacy
Versions    : fc2: sendmail-8.12.11-4.26.legacy
Versions    : fc3: sendmail-8.13.1-3.legacy
Summary     : A widely used Mail Transport Agent (MTA).
Description :
The Sendmail program is a very widely used Mail Transport Agent (MTA).
MTAs send mail from one machine to another. Sendmail is not a client
program, which you use to read your email. Sendmail is a
behind-the-scenes program which actually moves your email over
networks or the Internet to where you want it to go.

If you ever need to reconfigure Sendmail, you will also need to have
the sendmail.cf package installed. If you need documentation on
Sendmail, you can install the sendmail-doc package.

---------------------------------------------------------------------
Update Information:

An updated tar package that fixes a flaw in the handling of asynchronous 
signals.

A flaw in the handling of asynchronous signals was discovered in Sendmail.
A remote attacker may be able to exploit a race condition to execute
arbitrary code as root. The Common Vulnerabilities and Exposures project
assigned the name CVE-2006-0058 to this issue.

By default on Red Hat Enterprise Linux 2.1 and later, Sendmail is configured 
to only accept connections from the local host. Therefore only users who have
configured Sendmail to listen to remote hosts would be able to be remotely
exploited by this vulnerability.

In order to correct this issue for RHL 7.3 users, it was necessary to upgrade 
the version of Sendmail from 8.11 as originally shipped to Sendmail 8.12.11 
with the addition of the security patch supplied by Sendmail Inc. This 
erratum provides updated packages based on Sendmail 8.12 with a compatibility 
mode enabled as provided by Red Hat for RHEL 2.1. After updating to these 
packages, users should pay close attention to their sendmail logs to ensure 
that the upgrade completed sucessfully.

In order to correct this issue for RHL 9 and FC1 users, it was necessary to 
upgrade the version of Sendmail from 8.12.8 and 8.12.10 respectively to 
8.12.11 with the addition of the security patch supplied by Sendmail Inc.  
After updating to these packages, users should pay close attention to their 
sendmail logs to ensure that the upgrade completed sucessfully.

For Fedora Core 3 users, the patch supplied by Sendmail Inc. applies cleanly 
to the latest sendmail package previously released for Fedora Core 3.

Users of Sendmail should upgrade to this updated package, which contains a
replacement backported patch to correct this issue.

---------------------------------------------------------------------
Changelogs

rh73:
* Wed Mar 22 2006 Jesse Keating <jkeating at j2solutions.net> 
8.12.11-4.22.9.legacy
- Sourced in for RHL7.3
- Added groff buildreq


rh9:
* Wed Mar 22 2006 Jesse Keating <jkeating at redhat.com> - 8.12.11-4.24.1.legacy
- fixed VU#834865 (#186277)
- disable -fpie
- enable old_setup
- Add BuildReq gdbm-devel
- Use sasl1


fc1:
* Wed Mar 22 2006 Jesse Keating <jkeating at redhat.com> - 8.12.11-4.25.1.legacy
- fixed VU#834865 (#186277)
- enable old_setup

fc2:
* Wed Mar 22 2006 Jesse Keating <jkeating at redhat.com> - 8.12.11-4.26.legacy
- fixed VU#834865 (#186277)

fc3:
* Wed Mar 22 2006 Jesse Keating <jkeating at j2solutions.net> 8.13.1-3.legacy
- fixed VU#834865 (#186277)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

rh73:
d9c001d8a34f11f528ff6be2a9f8dd15818caf40  
redhat/7.3/updates-testing/SRPMS/sendmail-8.12.11-4.22.9.legacy.src.rpm
80f02c886b020e6d6ef17389c22c8b530fb05a48  
redhat/7.3/updates-testing/i386/sendmail-8.12.11-4.22.9.legacy.i386.rpm
285816881a55fe4b8a74fee48205c8ceedaee5e5  
redhat/7.3/updates-testing/i386/sendmail-cf-8.12.11-4.22.9.legacy.i386.rpm
b4154a342e7747d980b7acaf352649ddc1dcc40d  
redhat/7.3/updates-testing/i386/sendmail-devel-8.12.11-4.22.9.legacy.i386.rpm
81a36048a12cc5c08a8e93490dde6817c402ae54  
redhat/7.3/updates-testing/i386/sendmail-doc-8.12.11-4.22.9.legacy.i386.rpm


rh9:
272bbff91a52692991f6f0fd434a27fda1c92057  
redhat/9/updates-testing/SRPMS/sendmail-8.12.11-4.24.1.legacy.src.rpm
683d48df1c5aabb1e9768d4bfb37036d0d7ff7c6  
redhat/9/updates-testing/i386/sendmail-8.12.11-4.24.1.legacy.i386.rpm
a6e967294f6cbe9f623e5626e20e33fbbc410f68  
redhat/9/updates-testing/i386/sendmail-cf-8.12.11-4.24.1.legacy.i386.rpm
da996e582bb27144c7c26050e0ba51ce7cb727d7  
redhat/9/updates-testing/i386/sendmail-devel-8.12.11-4.24.1.legacy.i386.rpm
8d03dc1dd178543cb9d9050198774b599967bfcd  
redhat/9/updates-testing/i386/sendmail-doc-8.12.11-4.24.1.legacy.i386.rpm


fc1:
c33698f4e499d477d9712de3d6061825348a294f  
fedora/1/updates-testing/SRPMS/sendmail-8.12.11-4.25.1.legacy.src.rpm
df880ab03eaeb2f82be81bee96c28392984a4b86  
fedora/1/updates-testing/i386/sendmail-8.12.11-4.25.1.legacy.i386.rpm
729bcaeb1269b65728f014bbbedb5c1a54a5158e  
fedora/1/updates-testing/i386/sendmail-cf-8.12.11-4.25.1.legacy.i386.rpm
256ff91b67ecc7680a5f2fb97b3b32142bb80d18  
fedora/1/updates-testing/i386/sendmail-devel-8.12.11-4.25.1.legacy.i386.rpm
65725c811c4c7eede9f88c006a13c15e458d353f  
fedora/1/updates-testing/i386/sendmail-doc-8.12.11-4.25.1.legacy.i386.rpm


fc2:
65086d18cb29e02b57ce07b6abf79ba378ae1c3c  
fedora/2/updates-testing/SRPMS/sendmail-8.12.11-4.26.legacy.src.rpm
7e44b02696338832e2dfc0057aeb58c98511d0d2  
fedora/2/updates-testing/i386/sendmail-8.12.11-4.26.legacy.i386.rpm
d159f0c92bd530799b75341d18b5b2cbe5aa5a0a  
fedora/2/updates-testing/i386/sendmail-cf-8.12.11-4.26.legacy.i386.rpm
8421bfb2eb2f2b3fddb35e905fdcfecd0fb8088c  
fedora/2/updates-testing/i386/sendmail-devel-8.12.11-4.26.legacy.i386.rpm
b659d2733afa3d6f4df840a395c6eae3a5c07d50  
fedora/2/updates-testing/i386/sendmail-doc-8.12.11-4.26.legacy.i386.rpm

fc3:
fbfba64eac81e57ae098f967b7d3bf4e47e04c87  
fedora/3/updates-testing/SRPMS/sendmail-8.13.1-3.legacy.src.rpm
6cc0f44ad32c0eb62801331bf8bfa41625b61031  
fedora/3/updates-testing/i386/sendmail-8.13.1-3.legacy.i386.rpm
04bd02d3f731eb985d6e8b9fde7ee3ddc5bdccfe  
fedora/3/updates-testing/i386/sendmail-cf-8.13.1-3.legacy.i386.rpm
97f173fa48f847feb5051bc2cb4686f53e3895ac  
fedora/3/updates-testing/i386/sendmail-devel-8.13.1-3.legacy.i386.rpm
298c0908052efdbc671dda1f22f025f96a10d770  
fedora/3/updates-testing/i386/sendmail-doc-8.13.1-3.legacy.i386.rpm
162a1e21ac33e5a9072f7cb9934d17523d8160f6  
fedora/3/updates-testing/x86_64/sendmail-8.13.1-3.legacy.x86_64.rpm
939de41400340905ec0b378b501e5d1b8b41e545  
fedora/3/updates-testing/x86_64/sendmail-cf-8.13.1-3.legacy.x86_64.rpm
c09947143c351f575737036599c23c542404d82e  
fedora/3/updates-testing/x86_64/sendmail-devel-8.13.1-3.legacy.x86_64.rpm
bd1b9553b49e5c2631a40f68461472b1671f9beb  
fedora/3/updates-testing/x86_64/sendmail-doc-8.13.1-3.legacy.x86_64.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20060322/ceeb444f/attachment.sig>

More information about the fedora-legacy-list mailing list