- Issued:
- 2007-05-01
- Updated:
- 2007-05-01
RHSA-2007:0252 - Security Advisory
Synopsis
Low: sendmail security and bug fix update
Type/Severity
Security Advisory: Low
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated sendmail packages that fix a security issue and various bugs are now
available for Red Hat Enterprise Linux 4.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Description
Sendmail is a very widely used Mail Transport Agent (MTA). MTAs deliver
mail from one machine to another. Sendmail is not a client program, but
rather a behind-the-scenes daemon that moves email over networks or the
Internet to its final destination.
The configuration of Sendmail on Red Hat Enterprise Linux was found to not
reject the "localhost.localdomain" domain name for e-mail messages that
came from external hosts. This could have allowed remote attackers to
disguise spoofed messages (CVE-2006-7176).
This updated package also fixes the following bugs:
- Infinite loop within tls read.
- Incorrect path to selinuxenabled in initscript.
- Build artifacts from sendmail-cf package.
- Missing socketmap support.
- Add support for CipherList configuration directive.
- Path for aliases file.
- Failure of shutting down sm-client.
- Allows to specify persistent queue runners.
- Missing dnl for SMART_HOST define.
- Fixes connections stay in CLOSE_WAIT.
All users of Sendmail should upgrade to these updated packages, which
contains backported patches to resolve these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
- BZ - 121850 - [PATCH] infinite loop within tls_read
- BZ - 152282 - Incorrect path to selinuxenabled in /etc/init.d/sendmail
- BZ - 152955 - sendmail-cf contains rpm build artifacts
- BZ - 156191 - Changelog says 'Socketmap Supported' but it's not compiled in.
- BZ - 166744 - aliases man page specifies incorrect location of aliases file
- BZ - 171838 - CVE-2006-7176 sendmail allows external mail with from address xxx@localhost.localdomain
- BZ - 172352 - Sendmail allows SSLv2 during STARTTLS, and the CipherList config option isn't supported so you can't turn it off
- BZ - 200920 - shutting down sm-client fails
- BZ - 200921 - [PATCH] method to specify persistent queue runners?
- BZ - 200923 - sendmail.mc missing dnl on SMART_HOST define
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server 4
| SRPM | |
|---|---|
| sendmail-8.13.1-3.2.el4.src.rpm | SHA-256: 2cc427adbbafa5ae3b0836e8cadf4df98d578c7fb742c2db54103a2cbe73fc27 |
| x86_64 | |
| sendmail-8.13.1-3.2.el4.x86_64.rpm | SHA-256: 9f7a9b075f95dd1d4bd1f2fdebe352eaf6242a491a3e523f6595ea1d82868b34 |
| sendmail-8.13.1-3.2.el4.x86_64.rpm | SHA-256: 9f7a9b075f95dd1d4bd1f2fdebe352eaf6242a491a3e523f6595ea1d82868b34 |
| sendmail-cf-8.13.1-3.2.el4.x86_64.rpm | SHA-256: ce84b5fad685f6bb8ca3651932146ced208915d80d34b19fe80355fb76d24990 |
| sendmail-cf-8.13.1-3.2.el4.x86_64.rpm | SHA-256: ce84b5fad685f6bb8ca3651932146ced208915d80d34b19fe80355fb76d24990 |
| sendmail-devel-8.13.1-3.2.el4.x86_64.rpm | SHA-256: 909c36a57bddc33e338f71d9de23f68571e61960de06a93c0b836046fa29963a |
| sendmail-devel-8.13.1-3.2.el4.x86_64.rpm | SHA-256: 909c36a57bddc33e338f71d9de23f68571e61960de06a93c0b836046fa29963a |
| sendmail-doc-8.13.1-3.2.el4.x86_64.rpm | SHA-256: 74d29f2f18fae6011d961063cd4eda4f8b0eefc91312c8709075da32054d2723 |
| sendmail-doc-8.13.1-3.2.el4.x86_64.rpm | SHA-256: 74d29f2f18fae6011d961063cd4eda4f8b0eefc91312c8709075da32054d2723 |
| ia64 | |
| sendmail-8.13.1-3.2.el4.ia64.rpm | SHA-256: 40bc811664cb69ea2bb66788a4130dc2e91f60cccc2774604795478ddb9e1442 |
| sendmail-8.13.1-3.2.el4.ia64.rpm | SHA-256: 40bc811664cb69ea2bb66788a4130dc2e91f60cccc2774604795478ddb9e1442 |
| sendmail-cf-8.13.1-3.2.el4.ia64.rpm | SHA-256: 6af4db93f94894e367cc524b4ba85edb87765b0db8f41d82cf5232a580827e18 |
| sendmail-cf-8.13.1-3.2.el4.ia64.rpm | SHA-256: 6af4db93f94894e367cc524b4ba85edb87765b0db8f41d82cf5232a580827e18 |
| sendmail-devel-8.13.1-3.2.el4.ia64.rpm | SHA-256: d4a243210eeddf87056ec0a6ca048dbc772733a95e09b60b5d93aee04ce00cef |
| sendmail-devel-8.13.1-3.2.el4.ia64.rpm | SHA-256: d4a243210eeddf87056ec0a6ca048dbc772733a95e09b60b5d93aee04ce00cef |
| sendmail-doc-8.13.1-3.2.el4.ia64.rpm | SHA-256: 1b054a453276fdac2108acf4439c350019800ba0bd0cd92992c2c5ea0b42d9bb |
| sendmail-doc-8.13.1-3.2.el4.ia64.rpm | SHA-256: 1b054a453276fdac2108acf4439c350019800ba0bd0cd92992c2c5ea0b42d9bb |
| i386 | |
| sendmail-8.13.1-3.2.el4.i386.rpm | SHA-256: 15a0b79ca82010da1e1e893761abab067139858dc675cae90d79f100dd72f880 |
| sendmail-8.13.1-3.2.el4.i386.rpm | SHA-256: 15a0b79ca82010da1e1e893761abab067139858dc675cae90d79f100dd72f880 |
| sendmail-cf-8.13.1-3.2.el4.i386.rpm | SHA-256: e13f50fa42bc43ebbbcadea3b00611034eeb18157c6f4bb72962348cb37522d8 |
| sendmail-cf-8.13.1-3.2.el4.i386.rpm | SHA-256: e13f50fa42bc43ebbbcadea3b00611034eeb18157c6f4bb72962348cb37522d8 |
| sendmail-devel-8.13.1-3.2.el4.i386.rpm | SHA-256: 8e9a3ac6ca45d089d6572564b9fd4695dbf129127f733289e99c91cfb37479f1 |
| sendmail-devel-8.13.1-3.2.el4.i386.rpm | SHA-256: 8e9a3ac6ca45d089d6572564b9fd4695dbf129127f733289e99c91cfb37479f1 |
| sendmail-doc-8.13.1-3.2.el4.i386.rpm | SHA-256: 35ab9acc0d71363ca7a527820be0500a55fd7c171e2e53b6c2eec60ade88f6bb |
| sendmail-doc-8.13.1-3.2.el4.i386.rpm | SHA-256: 35ab9acc0d71363ca7a527820be0500a55fd7c171e2e53b6c2eec60ade88f6bb |
Red Hat Enterprise Linux Workstation 4
| SRPM | |
|---|---|
| sendmail-8.13.1-3.2.el4.src.rpm | SHA-256: 2cc427adbbafa5ae3b0836e8cadf4df98d578c7fb742c2db54103a2cbe73fc27 |
| x86_64 | |
| sendmail-8.13.1-3.2.el4.x86_64.rpm | SHA-256: 9f7a9b075f95dd1d4bd1f2fdebe352eaf6242a491a3e523f6595ea1d82868b34 |
| sendmail-cf-8.13.1-3.2.el4.x86_64.rpm | SHA-256: ce84b5fad685f6bb8ca3651932146ced208915d80d34b19fe80355fb76d24990 |
| sendmail-devel-8.13.1-3.2.el4.x86_64.rpm | SHA-256: 909c36a57bddc33e338f71d9de23f68571e61960de06a93c0b836046fa29963a |
| sendmail-doc-8.13.1-3.2.el4.x86_64.rpm | SHA-256: 74d29f2f18fae6011d961063cd4eda4f8b0eefc91312c8709075da32054d2723 |
| ia64 | |
| sendmail-8.13.1-3.2.el4.ia64.rpm | SHA-256: 40bc811664cb69ea2bb66788a4130dc2e91f60cccc2774604795478ddb9e1442 |
| sendmail-cf-8.13.1-3.2.el4.ia64.rpm | SHA-256: 6af4db93f94894e367cc524b4ba85edb87765b0db8f41d82cf5232a580827e18 |
| sendmail-devel-8.13.1-3.2.el4.ia64.rpm | SHA-256: d4a243210eeddf87056ec0a6ca048dbc772733a95e09b60b5d93aee04ce00cef |
| sendmail-doc-8.13.1-3.2.el4.ia64.rpm | SHA-256: 1b054a453276fdac2108acf4439c350019800ba0bd0cd92992c2c5ea0b42d9bb |
| i386 | |
| sendmail-8.13.1-3.2.el4.i386.rpm | SHA-256: 15a0b79ca82010da1e1e893761abab067139858dc675cae90d79f100dd72f880 |
| sendmail-cf-8.13.1-3.2.el4.i386.rpm | SHA-256: e13f50fa42bc43ebbbcadea3b00611034eeb18157c6f4bb72962348cb37522d8 |
| sendmail-devel-8.13.1-3.2.el4.i386.rpm | SHA-256: 8e9a3ac6ca45d089d6572564b9fd4695dbf129127f733289e99c91cfb37479f1 |
| sendmail-doc-8.13.1-3.2.el4.i386.rpm | SHA-256: 35ab9acc0d71363ca7a527820be0500a55fd7c171e2e53b6c2eec60ade88f6bb |
Red Hat Enterprise Linux Desktop 4
| SRPM | |
|---|---|
| sendmail-8.13.1-3.2.el4.src.rpm | SHA-256: 2cc427adbbafa5ae3b0836e8cadf4df98d578c7fb742c2db54103a2cbe73fc27 |
| x86_64 | |
| sendmail-8.13.1-3.2.el4.x86_64.rpm | SHA-256: 9f7a9b075f95dd1d4bd1f2fdebe352eaf6242a491a3e523f6595ea1d82868b34 |
| sendmail-cf-8.13.1-3.2.el4.x86_64.rpm | SHA-256: ce84b5fad685f6bb8ca3651932146ced208915d80d34b19fe80355fb76d24990 |
| sendmail-devel-8.13.1-3.2.el4.x86_64.rpm | SHA-256: 909c36a57bddc33e338f71d9de23f68571e61960de06a93c0b836046fa29963a |
| sendmail-doc-8.13.1-3.2.el4.x86_64.rpm | SHA-256: 74d29f2f18fae6011d961063cd4eda4f8b0eefc91312c8709075da32054d2723 |
| i386 | |
| sendmail-8.13.1-3.2.el4.i386.rpm | SHA-256: 15a0b79ca82010da1e1e893761abab067139858dc675cae90d79f100dd72f880 |
| sendmail-cf-8.13.1-3.2.el4.i386.rpm | SHA-256: e13f50fa42bc43ebbbcadea3b00611034eeb18157c6f4bb72962348cb37522d8 |
| sendmail-devel-8.13.1-3.2.el4.i386.rpm | SHA-256: 8e9a3ac6ca45d089d6572564b9fd4695dbf129127f733289e99c91cfb37479f1 |
| sendmail-doc-8.13.1-3.2.el4.i386.rpm | SHA-256: 35ab9acc0d71363ca7a527820be0500a55fd7c171e2e53b6c2eec60ade88f6bb |
Red Hat Enterprise Linux for IBM z Systems 4
| SRPM | |
|---|---|
| sendmail-8.13.1-3.2.el4.src.rpm | SHA-256: 2cc427adbbafa5ae3b0836e8cadf4df98d578c7fb742c2db54103a2cbe73fc27 |
| s390x | |
| sendmail-8.13.1-3.2.el4.s390x.rpm | SHA-256: 8e35cac7618b5c9f84e4c9978b97fa3debcc298f7967331cd2c4e3cda4f9d7e4 |
| sendmail-cf-8.13.1-3.2.el4.s390x.rpm | SHA-256: 8fe7d91eeafec6004e53c267d09052d9448a59d4b0eb0290717ba8ea76dbc479 |
| sendmail-devel-8.13.1-3.2.el4.s390x.rpm | SHA-256: 0e3bf9dd8afdf69c58ded3a6d22c7f0ba34b209e987b91ad609110b40102a4bb |
| sendmail-doc-8.13.1-3.2.el4.s390x.rpm | SHA-256: 80b5413f73e150be1dd210ca52c14c39d285deac44ab49e508dc2f90bab9c087 |
| s390 | |
| sendmail-8.13.1-3.2.el4.s390.rpm | SHA-256: 476f96d4558cb04d170143dd104c2bbd6cbf4a40c0b067bc40d8ce9952b425f0 |
| sendmail-cf-8.13.1-3.2.el4.s390.rpm | SHA-256: c53c9451ce4f1f39521221827755f48b90c9d65d2ff0ae7efafa5703a38fc979 |
| sendmail-devel-8.13.1-3.2.el4.s390.rpm | SHA-256: 0b4133a4bc5861a6b6b5b8fc2da9e799811f547a4246e7e41565a23b4848b686 |
| sendmail-doc-8.13.1-3.2.el4.s390.rpm | SHA-256: 7347bb8b1b21a0786da8dceff8666aed34366814101d543158778e1219e6194c |
Red Hat Enterprise Linux for Power, big endian 4
| SRPM | |
|---|---|
| sendmail-8.13.1-3.2.el4.src.rpm | SHA-256: 2cc427adbbafa5ae3b0836e8cadf4df98d578c7fb742c2db54103a2cbe73fc27 |
| ppc | |
| sendmail-8.13.1-3.2.el4.ppc.rpm | SHA-256: cfa8a43cd2799c8a026bb47489c00d745a6a9ac319935016c9f25e14ffc42b4a |
| sendmail-cf-8.13.1-3.2.el4.ppc.rpm | SHA-256: 8171d1f9bab0607a5ce526570ddd08378b3b8cbf4410175a14128b13e1c056de |
| sendmail-devel-8.13.1-3.2.el4.ppc.rpm | SHA-256: f0b5e48d5e4eec91270577d07a50c47016e8f1889b851f487930977215acdaa3 |
| sendmail-doc-8.13.1-3.2.el4.ppc.rpm | SHA-256: 5f6e1ef332ede5afb31b153eef677df62ab15387cb05fa3d99ff863919e962f9 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.