Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2007:0252 - Security Advisory
Issued:
2007-05-01
Updated:
2007-05-01

RHSA-2007:0252 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Low: sendmail security and bug fix update

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated sendmail packages that fix a security issue and various bugs are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Description

Sendmail is a very widely used Mail Transport Agent (MTA). MTAs deliver
mail from one machine to another. Sendmail is not a client program, but
rather a behind-the-scenes daemon that moves email over networks or the
Internet to its final destination.

The configuration of Sendmail on Red Hat Enterprise Linux was found to not
reject the "localhost.localdomain" domain name for e-mail messages that
came from external hosts. This could have allowed remote attackers to
disguise spoofed messages (CVE-2006-7176).

This updated package also fixes the following bugs:

  • Infinite loop within tls read.
  • Incorrect path to selinuxenabled in initscript.
  • Build artifacts from sendmail-cf package.
  • Missing socketmap support.
  • Add support for CipherList configuration directive.
  • Path for aliases file.
  • Failure of shutting down sm-client.
  • Allows to specify persistent queue runners.
  • Missing dnl for SMART_HOST define.
  • Fixes connections stay in CLOSE_WAIT.

All users of Sendmail should upgrade to these updated packages, which
contains backported patches to resolve these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

  • BZ - 121850 - [PATCH] infinite loop within tls_read
  • BZ - 152282 - Incorrect path to selinuxenabled in /etc/init.d/sendmail
  • BZ - 152955 - sendmail-cf contains rpm build artifacts
  • BZ - 156191 - Changelog says 'Socketmap Supported' but it's not compiled in.
  • BZ - 166744 - aliases man page specifies incorrect location of aliases file
  • BZ - 171838 - CVE-2006-7176 sendmail allows external mail with from address xxx@localhost.localdomain
  • BZ - 172352 - Sendmail allows SSLv2 during STARTTLS, and the CipherList config option isn't supported so you can't turn it off
  • BZ - 200920 - shutting down sm-client fails
  • BZ - 200921 - [PATCH] method to specify persistent queue runners?
  • BZ - 200923 - sendmail.mc missing dnl on SMART_HOST define

CVEs

  • CVE-2006-7176

References

  • http://www.redhat.com/security/updates/classification/#low
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
sendmail-8.13.1-3.2.el4.src.rpm SHA-256: 2cc427adbbafa5ae3b0836e8cadf4df98d578c7fb742c2db54103a2cbe73fc27
x86_64
sendmail-8.13.1-3.2.el4.x86_64.rpm SHA-256: 9f7a9b075f95dd1d4bd1f2fdebe352eaf6242a491a3e523f6595ea1d82868b34
sendmail-8.13.1-3.2.el4.x86_64.rpm SHA-256: 9f7a9b075f95dd1d4bd1f2fdebe352eaf6242a491a3e523f6595ea1d82868b34
sendmail-cf-8.13.1-3.2.el4.x86_64.rpm SHA-256: ce84b5fad685f6bb8ca3651932146ced208915d80d34b19fe80355fb76d24990
sendmail-cf-8.13.1-3.2.el4.x86_64.rpm SHA-256: ce84b5fad685f6bb8ca3651932146ced208915d80d34b19fe80355fb76d24990
sendmail-devel-8.13.1-3.2.el4.x86_64.rpm SHA-256: 909c36a57bddc33e338f71d9de23f68571e61960de06a93c0b836046fa29963a
sendmail-devel-8.13.1-3.2.el4.x86_64.rpm SHA-256: 909c36a57bddc33e338f71d9de23f68571e61960de06a93c0b836046fa29963a
sendmail-doc-8.13.1-3.2.el4.x86_64.rpm SHA-256: 74d29f2f18fae6011d961063cd4eda4f8b0eefc91312c8709075da32054d2723
sendmail-doc-8.13.1-3.2.el4.x86_64.rpm SHA-256: 74d29f2f18fae6011d961063cd4eda4f8b0eefc91312c8709075da32054d2723
ia64
sendmail-8.13.1-3.2.el4.ia64.rpm SHA-256: 40bc811664cb69ea2bb66788a4130dc2e91f60cccc2774604795478ddb9e1442
sendmail-8.13.1-3.2.el4.ia64.rpm SHA-256: 40bc811664cb69ea2bb66788a4130dc2e91f60cccc2774604795478ddb9e1442
sendmail-cf-8.13.1-3.2.el4.ia64.rpm SHA-256: 6af4db93f94894e367cc524b4ba85edb87765b0db8f41d82cf5232a580827e18
sendmail-cf-8.13.1-3.2.el4.ia64.rpm SHA-256: 6af4db93f94894e367cc524b4ba85edb87765b0db8f41d82cf5232a580827e18
sendmail-devel-8.13.1-3.2.el4.ia64.rpm SHA-256: d4a243210eeddf87056ec0a6ca048dbc772733a95e09b60b5d93aee04ce00cef
sendmail-devel-8.13.1-3.2.el4.ia64.rpm SHA-256: d4a243210eeddf87056ec0a6ca048dbc772733a95e09b60b5d93aee04ce00cef
sendmail-doc-8.13.1-3.2.el4.ia64.rpm SHA-256: 1b054a453276fdac2108acf4439c350019800ba0bd0cd92992c2c5ea0b42d9bb
sendmail-doc-8.13.1-3.2.el4.ia64.rpm SHA-256: 1b054a453276fdac2108acf4439c350019800ba0bd0cd92992c2c5ea0b42d9bb
i386
sendmail-8.13.1-3.2.el4.i386.rpm SHA-256: 15a0b79ca82010da1e1e893761abab067139858dc675cae90d79f100dd72f880
sendmail-8.13.1-3.2.el4.i386.rpm SHA-256: 15a0b79ca82010da1e1e893761abab067139858dc675cae90d79f100dd72f880
sendmail-cf-8.13.1-3.2.el4.i386.rpm SHA-256: e13f50fa42bc43ebbbcadea3b00611034eeb18157c6f4bb72962348cb37522d8
sendmail-cf-8.13.1-3.2.el4.i386.rpm SHA-256: e13f50fa42bc43ebbbcadea3b00611034eeb18157c6f4bb72962348cb37522d8
sendmail-devel-8.13.1-3.2.el4.i386.rpm SHA-256: 8e9a3ac6ca45d089d6572564b9fd4695dbf129127f733289e99c91cfb37479f1
sendmail-devel-8.13.1-3.2.el4.i386.rpm SHA-256: 8e9a3ac6ca45d089d6572564b9fd4695dbf129127f733289e99c91cfb37479f1
sendmail-doc-8.13.1-3.2.el4.i386.rpm SHA-256: 35ab9acc0d71363ca7a527820be0500a55fd7c171e2e53b6c2eec60ade88f6bb
sendmail-doc-8.13.1-3.2.el4.i386.rpm SHA-256: 35ab9acc0d71363ca7a527820be0500a55fd7c171e2e53b6c2eec60ade88f6bb

Red Hat Enterprise Linux Workstation 4

SRPM
sendmail-8.13.1-3.2.el4.src.rpm SHA-256: 2cc427adbbafa5ae3b0836e8cadf4df98d578c7fb742c2db54103a2cbe73fc27
x86_64
sendmail-8.13.1-3.2.el4.x86_64.rpm SHA-256: 9f7a9b075f95dd1d4bd1f2fdebe352eaf6242a491a3e523f6595ea1d82868b34
sendmail-cf-8.13.1-3.2.el4.x86_64.rpm SHA-256: ce84b5fad685f6bb8ca3651932146ced208915d80d34b19fe80355fb76d24990
sendmail-devel-8.13.1-3.2.el4.x86_64.rpm SHA-256: 909c36a57bddc33e338f71d9de23f68571e61960de06a93c0b836046fa29963a
sendmail-doc-8.13.1-3.2.el4.x86_64.rpm SHA-256: 74d29f2f18fae6011d961063cd4eda4f8b0eefc91312c8709075da32054d2723
ia64
sendmail-8.13.1-3.2.el4.ia64.rpm SHA-256: 40bc811664cb69ea2bb66788a4130dc2e91f60cccc2774604795478ddb9e1442
sendmail-cf-8.13.1-3.2.el4.ia64.rpm SHA-256: 6af4db93f94894e367cc524b4ba85edb87765b0db8f41d82cf5232a580827e18
sendmail-devel-8.13.1-3.2.el4.ia64.rpm SHA-256: d4a243210eeddf87056ec0a6ca048dbc772733a95e09b60b5d93aee04ce00cef
sendmail-doc-8.13.1-3.2.el4.ia64.rpm SHA-256: 1b054a453276fdac2108acf4439c350019800ba0bd0cd92992c2c5ea0b42d9bb
i386
sendmail-8.13.1-3.2.el4.i386.rpm SHA-256: 15a0b79ca82010da1e1e893761abab067139858dc675cae90d79f100dd72f880
sendmail-cf-8.13.1-3.2.el4.i386.rpm SHA-256: e13f50fa42bc43ebbbcadea3b00611034eeb18157c6f4bb72962348cb37522d8
sendmail-devel-8.13.1-3.2.el4.i386.rpm SHA-256: 8e9a3ac6ca45d089d6572564b9fd4695dbf129127f733289e99c91cfb37479f1
sendmail-doc-8.13.1-3.2.el4.i386.rpm SHA-256: 35ab9acc0d71363ca7a527820be0500a55fd7c171e2e53b6c2eec60ade88f6bb

Red Hat Enterprise Linux Desktop 4

SRPM
sendmail-8.13.1-3.2.el4.src.rpm SHA-256: 2cc427adbbafa5ae3b0836e8cadf4df98d578c7fb742c2db54103a2cbe73fc27
x86_64
sendmail-8.13.1-3.2.el4.x86_64.rpm SHA-256: 9f7a9b075f95dd1d4bd1f2fdebe352eaf6242a491a3e523f6595ea1d82868b34
sendmail-cf-8.13.1-3.2.el4.x86_64.rpm SHA-256: ce84b5fad685f6bb8ca3651932146ced208915d80d34b19fe80355fb76d24990
sendmail-devel-8.13.1-3.2.el4.x86_64.rpm SHA-256: 909c36a57bddc33e338f71d9de23f68571e61960de06a93c0b836046fa29963a
sendmail-doc-8.13.1-3.2.el4.x86_64.rpm SHA-256: 74d29f2f18fae6011d961063cd4eda4f8b0eefc91312c8709075da32054d2723
i386
sendmail-8.13.1-3.2.el4.i386.rpm SHA-256: 15a0b79ca82010da1e1e893761abab067139858dc675cae90d79f100dd72f880
sendmail-cf-8.13.1-3.2.el4.i386.rpm SHA-256: e13f50fa42bc43ebbbcadea3b00611034eeb18157c6f4bb72962348cb37522d8
sendmail-devel-8.13.1-3.2.el4.i386.rpm SHA-256: 8e9a3ac6ca45d089d6572564b9fd4695dbf129127f733289e99c91cfb37479f1
sendmail-doc-8.13.1-3.2.el4.i386.rpm SHA-256: 35ab9acc0d71363ca7a527820be0500a55fd7c171e2e53b6c2eec60ade88f6bb

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
sendmail-8.13.1-3.2.el4.src.rpm SHA-256: 2cc427adbbafa5ae3b0836e8cadf4df98d578c7fb742c2db54103a2cbe73fc27
s390x
sendmail-8.13.1-3.2.el4.s390x.rpm SHA-256: 8e35cac7618b5c9f84e4c9978b97fa3debcc298f7967331cd2c4e3cda4f9d7e4
sendmail-cf-8.13.1-3.2.el4.s390x.rpm SHA-256: 8fe7d91eeafec6004e53c267d09052d9448a59d4b0eb0290717ba8ea76dbc479
sendmail-devel-8.13.1-3.2.el4.s390x.rpm SHA-256: 0e3bf9dd8afdf69c58ded3a6d22c7f0ba34b209e987b91ad609110b40102a4bb
sendmail-doc-8.13.1-3.2.el4.s390x.rpm SHA-256: 80b5413f73e150be1dd210ca52c14c39d285deac44ab49e508dc2f90bab9c087
s390
sendmail-8.13.1-3.2.el4.s390.rpm SHA-256: 476f96d4558cb04d170143dd104c2bbd6cbf4a40c0b067bc40d8ce9952b425f0
sendmail-cf-8.13.1-3.2.el4.s390.rpm SHA-256: c53c9451ce4f1f39521221827755f48b90c9d65d2ff0ae7efafa5703a38fc979
sendmail-devel-8.13.1-3.2.el4.s390.rpm SHA-256: 0b4133a4bc5861a6b6b5b8fc2da9e799811f547a4246e7e41565a23b4848b686
sendmail-doc-8.13.1-3.2.el4.s390.rpm SHA-256: 7347bb8b1b21a0786da8dceff8666aed34366814101d543158778e1219e6194c

Red Hat Enterprise Linux for Power, big endian 4

SRPM
sendmail-8.13.1-3.2.el4.src.rpm SHA-256: 2cc427adbbafa5ae3b0836e8cadf4df98d578c7fb742c2db54103a2cbe73fc27
ppc
sendmail-8.13.1-3.2.el4.ppc.rpm SHA-256: cfa8a43cd2799c8a026bb47489c00d745a6a9ac319935016c9f25e14ffc42b4a
sendmail-cf-8.13.1-3.2.el4.ppc.rpm SHA-256: 8171d1f9bab0607a5ce526570ddd08378b3b8cbf4410175a14128b13e1c056de
sendmail-devel-8.13.1-3.2.el4.ppc.rpm SHA-256: f0b5e48d5e4eec91270577d07a50c47016e8f1889b851f487930977215acdaa3
sendmail-doc-8.13.1-3.2.el4.ppc.rpm SHA-256: 5f6e1ef332ede5afb31b153eef677df62ab15387cb05fa3d99ff863919e962f9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2023 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter