[Security Announce] [ MDKSA-2006:156 ] - Updated sendmail packages fix DoS vulnerabilities
Posted on: 08/31/2006 03:30 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:156
http://www.mandriva.com/security/
_______________________________________________________________________

Package : sendmail
Date : August 30, 2006
Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Moritz Jodeit discovered a vulnerability in sendmail when processing
very long header lines that could be exploited to cause a Denial of
Service by crashing sendmail.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4434
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
a870f27eea807314c3688258eed755a5 2006.0/RPMS/sendmail-8.13.4-6.3.20060mdk.i586.rpm
35666ba77272168154638784d3126e8a 2006.0/RPMS/sendmail-cf-8.13.4-6.3.20060mdk.i586.rpm
e68900de30eb26c1ad6023b6f25feda4 2006.0/RPMS/sendmail-devel-8.13.4-6.3.20060mdk.i586.rpm
adbdad6844cc56e002e300703dfa800f 2006.0/RPMS/sendmail-doc-8.13.4-6.3.20060mdk.i586.rpm
8db59bc684bf7ee7b50f8d9025aa2f99 2006.0/SRPMS/sendmail-8.13.4-6.3.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
1c23ae6dc8b9aad58efa1f45082bd594 x86_64/2006.0/RPMS/sendmail-8.13.4-6.3.20060mdk.x86_64.rpm
4a4d76c56fb75c24994b0e7759033462 x86_64/2006.0/RPMS/sendmail-cf-8.13.4-6.3.20060mdk.x86_64.rpm
15316c4ecd26d10f840a0e2e9cff0164 x86_64/2006.0/RPMS/sendmail-devel-8.13.4-6.3.20060mdk.x86_64.rpm
31db86ce194192d535a6adbb60f86691 x86_64/2006.0/RPMS/sendmail-doc-8.13.4-6.3.20060mdk.x86_64.rpm
8db59bc684bf7ee7b50f8d9025aa2f99 x86_64/2006.0/SRPMS/sendmail-8.13.4-6.3.20060mdk.src.rpm

Corporate 3.0:
421f3b45e01bbb9ea6dd907a60eafd21 corporate/3.0/RPMS/sendmail-8.12.11-1.3.C30mdk.i586.rpm
363fe7e5f501e3c638f893e3bb805889 corporate/3.0/RPMS/sendmail-cf-8.12.11-1.3.C30mdk.i586.rpm
efdfae3157d77708d2fdec4fdcbd2362 corporate/3.0/RPMS/sendmail-devel-8.12.11-1.3.C30mdk.i586.rpm
05d8e255ebe10729361bde038ab999ec corporate/3.0/RPMS/sendmail-doc-8.12.11-1.3.C30mdk.i586.rpm
bc7577c81a324fb8c2cb4392f9039372 corporate/3.0/SRPMS/sendmail-8.12.11-1.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
65d846ef86d0df8d32316c79a2b9a326 x86_64/corporate/3.0/RPMS/sendmail-8.12.11-1.3.C30mdk.x86_64.rpm
457e8e7d69b48bbeff20a54c3f01ef4d x86_64/corporate/3.0/RPMS/sendmail-cf-8.12.11-1.3.C30mdk.x86_64.rpm
34e7e51ef099d09b4781d79b3e05be42 x86_64/corporate/3.0/RPMS/sendmail-devel-8.12.11-1.3.C30mdk.x86_64.rpm
31d545ea1139af2b397a5e65d1b6c961 x86_64/corporate/3.0/RPMS/sendmail-doc-8.12.11-1.3.C30mdk.x86_64.rpm
bc7577c81a324fb8c2cb4392f9039372 x86_64/corporate/3.0/SRPMS/sendmail-8.12.11-1.3.C30mdk.src.rpm

Multi Network Firewall 2.0:
d4f9409b6f07b43d8d28340553a42aac mnf/2.0/RPMS/sendmail-8.12.11-1.3.M20mdk.i586.rpm
f50c4ea50ac1f24431c7a693cc665e72 mnf/2.0/RPMS/sendmail-cf-8.12.11-1.3.M20mdk.i586.rpm
7b141d0baf6d3c42bc88bf9aec6c3c93 mnf/2.0/SRPMS/sendmail-8.12.11-1.3.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE9egqmqjQ0CJFipgRApk0AJ96l62HBwBLqNdXdTv3XlKZW9qYhACfaRui
AA2jidzJyYzItJ2RZHIMtHQ=
=jHtc
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006156__updated_sendmail_packages_fix_dos_vulnerabilities.html)