sendmail (SSA:2006-166-01)

sendmail (SSA:2006-166-01)
Posted on: 06/15/2006 04:26 PM

New sendmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, and -current to fix a possible denial-of-service issue.

Sendmail's complete advisory may be found here:
http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc

Sendmail has also provided an FAQ about this issue:
http://www.sendmail.com/security/advisories/SA-200605-01/faq.shtml

The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173

Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/sendmail-8.13.7-i486-1_slack10.2.tgz:
Upgraded to sendmail-8.13.7.
Fixes a potential denial of service problem caused by excessive recursion
leading to stack exhaustion when attempting delivery of a malformed MIME
message. This crashes sendmail's queue processing daemon, which in turn
can lead to two problems: depending on the settings, these crashed
processes may create coredumps which could fill a drive partition; and
such a malformed message in the queue will cause queue processing to
cease when the message is reached, causing messages that are later in
the queue to not be processed.
Sendmail's complete advisory may be found here:
http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc
Sendmail has also provided an FAQ about this issue:
http://www.sendmail.com/security/advisories/SA-200605-01/faq.shtml
The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
(* Security fix *)
patches/packages/sendmail-cf-8.13.7-noarch-1_slack10.2.tgz:
Upgraded to sendmail-8.13.7 configs.
+--------------------------+

Where to find the new packages:
+-----------------------------+

Updated packages for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-8.13.7-i386-1_slack8.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-cf-8.13.7-noarch-1_slack8.1.tgz

Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sendmail-8.13.7-i386-1_slack9.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sendmail-cf-8.13.7-noarch-1_slack9.0.tgz

Updated packages for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/sendmail-8.13.7-i486-1_slack9.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/sendmail-cf-8.13.7-noarch-1_slack9.1.tgz

Updated packages for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/sendmail-8.13.7-i486-1_slack10.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/sendmail-cf-8.13.7-noarch-1_slack10.0.tgz

Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/sendmail-8.13.7-i486-1_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/sendmail-cf-8.13.7-noarch-1_slack10.1.tgz

Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/sendmail-8.13.7-i486-1_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/sendmail-cf-8.13.7-noarch-1_slack10.2.tgz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-8.13.7-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-cf-8.13.7-noarch-1.tgz

MD5 signatures:
+-------------+

Slackware 8.1 packages:
1c3e9dd9e154e005bdf7201304e7c687 sendmail-8.13.7-i386-1_slack8.1.tgz
ef1bd1755097153511686c084227c6be sendmail-cf-8.13.7-noarch-1_slack8.1.tgz

Slackware 9.0 packages:
8795f9012db34b3e36468bce07787bb3 sendmail-8.13.7-i386-1_slack9.0.tgz
257eecb0d4f7a38a1e54463dc76e869a sendmail-cf-8.13.7-noarch-1_slack9.0.tgz

Slackware 9.1 packages:
99edd1f4fd42b7becbf884df5b3d5119 sendmail-8.13.7-i486-1_slack9.1.tgz
ee1234ed4335cadc62456274b55b9143 sendmail-cf-8.13.7-noarch-1_slack9.1.tgz

Slackware 10.0 packages:
9b767acf3043e59799395097253c1d06 sendmail-8.13.7-i486-1_slack10.0.tgz
0fc5cb4b0f1e313dd1f6b7a9be617459 sendmail-cf-8.13.7-noarch-1_slack10.0.tgz

Slackware 10.1 packages:
a7ff6c75a3319f1a9dbbac2c5fe48327 sendmail-8.13.7-i486-1_slack10.1.tgz
5fe8d1f221732dbca518771fb7497bc0 sendmail-cf-8.13.7-noarch-1_slack10.1.tgz

Slackware 10.2 packages:
0ef5d85e5026212fb528b10c3ab89155 sendmail-8.13.7-i486-1_slack10.2.tgz
05bbc5ccfb5d56b1742bf9ea888b2218 sendmail-cf-8.13.7-noarch-1_slack10.2.tgz

Slackware -current packages:
cf7c76831ad25065d1bc2a39decb1da3 sendmail-8.13.7-i486-1.tgz
c14deab3e9f4229137eeb430c4120c78 sendmail-cf-8.13.7-noarch-1.tgz

Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg sendmail-8.13.7-i486-1.tgz sendmail-cf-8.13.7-noarch-1.tgz

Restart sendmail:
# . /etc/rc.d/rc.sendmail restart

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/sendmail_ssa2006_166_01.html)