-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  sendmail (SSA:2006-166-01)

New sendmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
10.1, 10.2, and -current to fix a possible denial-of-service issue.

Sendmail's complete advisory may be found here:
  https://www.proofpoint.com/us/products/email-protection/open-source-email-solution

Sendmail has also provided an FAQ about this issue:
  https://www.proofpoint.com/us/products/email-protection/open-source-email-solution

The CVE entry for this issue may be found here:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173


Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/sendmail-8.13.7-i486-1_slack10.2.tgz:
  Upgraded to sendmail-8.13.7.
  Fixes a potential denial of service problem caused by excessive recursion
  leading to stack exhaustion when attempting delivery of a malformed MIME
  message.  This crashes sendmail's queue processing daemon, which in turn
  can lead to two problems:  depending on the settings, these crashed
  processes may create coredumps which could fill a drive partition; and
  such a malformed message in the queue will cause queue processing to
  cease when the message is reached, causing messages that are later in
  the queue to not be processed.
  Sendmail's complete advisory may be found here:
    https://www.proofpoint.com/us/products/email-protection/open-source-email-solution
  Sendmail has also provided an FAQ about this issue:
    https://www.proofpoint.com/us/products/email-protection/open-source-email-solution
  The CVE entry for this issue may be found here:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
  (* Security fix *)
patches/packages/sendmail-cf-8.13.7-noarch-1_slack10.2.tgz:
  Upgraded to sendmail-8.13.7 configs.
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated packages for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-8.13.7-i386-1_slack8.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-cf-8.13.7-noarch-1_slack8.1.tgz

Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sendmail-8.13.7-i386-1_slack9.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sendmail-cf-8.13.7-noarch-1_slack9.0.tgz

Updated packages for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/sendmail-cf-8.13.7-noarch-1_slack9.1.tgz

Updated packages for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/sendmail-8.13.7-i486-1_slack10.0.tgz

Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/sendmail-8.13.7-i486-1_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/sendmail-cf-8.13.7-noarch-1_slack10.1.tgz

Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/sendmail-8.13.7-i486-1_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/sendmail-cf-8.13.7-noarch-1_slack10.2.tgz

Updated packages for Slackware -current:


MD5 signatures:
+-------------+

Slackware 8.1 packages:
1c3e9dd9e154e005bdf7201304e7c687  sendmail-8.13.7-i386-1_slack8.1.tgz
ef1bd1755097153511686c084227c6be  sendmail-cf-8.13.7-noarch-1_slack8.1.tgz

Slackware 9.0 packages:
8795f9012db34b3e36468bce07787bb3  sendmail-8.13.7-i386-1_slack9.0.tgz
257eecb0d4f7a38a1e54463dc76e869a  sendmail-cf-8.13.7-noarch-1_slack9.0.tgz

Slackware 9.1 packages:
99edd1f4fd42b7becbf884df5b3d5119  sendmail-8.13.7-i486-1_slack9.1.tgz
ee1234ed4335cadc62456274b55b9143  sendmail-cf-8.13.7-noarch-1_slack9.1.tgz

Slackware 10.0 packages:
9b767acf3043e59799395097253c1d06  sendmail-8.13.7-i486-1_slack10.0.tgz
0fc5cb4b0f1e313dd1f6b7a9be617459  sendmail-cf-8.13.7-noarch-1_slack10.0.tgz

Slackware 10.1 packages:
a7ff6c75a3319f1a9dbbac2c5fe48327  sendmail-8.13.7-i486-1_slack10.1.tgz
5fe8d1f221732dbca518771fb7497bc0  sendmail-cf-8.13.7-noarch-1_slack10.1.tgz

Slackware 10.2 packages:
0ef5d85e5026212fb528b10c3ab89155  sendmail-8.13.7-i486-1_slack10.2.tgz
05bbc5ccfb5d56b1742bf9ea888b2218  sendmail-cf-8.13.7-noarch-1_slack10.2.tgz

Slackware -current packages:
cf7c76831ad25065d1bc2a39decb1da3  sendmail-8.13.7-i486-1.tgz
c14deab3e9f4229137eeb430c4120c78  sendmail-cf-8.13.7-noarch-1.tgz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg sendmail-8.13.7-i486-1.tgz sendmail-cf-8.13.7-noarch-1.tgz

Restart sendmail:
# . /etc/rc.d/rc.sendmail restart


+-----+

Slackware: 2006-166-01: sendmail Security Update

June 15, 2006
New sendmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a possible denial-of-service issue

Summary

Here are the details from the Slackware 10.2 ChangeLog: patches/packages/sendmail-8.13.7-i486-1_slack10.2.tgz: Upgraded to sendmail-8.13.7. Fixes a potential denial of service problem caused by excessive recursion leading to stack exhaustion when attempting delivery of a malformed MIME message. This crashes sendmail's queue processing daemon, which in turn can lead to two problems: depending on the settings, these crashed processes may create coredumps which could fill a drive partition; and such a malformed message in the queue will cause queue processing to cease when the message is reached, causing messages that are later in the queue to not be processed. Sendmail's complete advisory may be found here: https://www.proofpoint.com/us/products/email-protection/open-source-email-solution Sendmail has also provided an FAQ about this issue: https://www.proofpoint.com/us/products/email-protection/open-source-email-solution The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173 (* Security fix *) patches/packages/sendmail-cf-8.13.7-noarch-1_slack10.2.tgz: Upgraded to sendmail-8.13.7 configs.

Where Find New Packages

Updated packages for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-8.13.7-i386-1_slack8.1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-cf-8.13.7-noarch-1_slack8.1.tgz
Updated packages for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sendmail-8.13.7-i386-1_slack9.0.tgz ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sendmail-cf-8.13.7-noarch-1_slack9.0.tgz
Updated packages for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/sendmail-cf-8.13.7-noarch-1_slack9.1.tgz
Updated packages for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/sendmail-8.13.7-i486-1_slack10.0.tgz
Updated packages for Slackware 10.1: ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/sendmail-8.13.7-i486-1_slack10.1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/sendmail-cf-8.13.7-noarch-1_slack10.1.tgz
Updated packages for Slackware 10.2: ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/sendmail-8.13.7-i486-1_slack10.2.tgz ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/sendmail-cf-8.13.7-noarch-1_slack10.2.tgz
Updated packages for Slackware -current:

MD5 Signatures

Slackware 8.1 packages: 1c3e9dd9e154e005bdf7201304e7c687 sendmail-8.13.7-i386-1_slack8.1.tgz ef1bd1755097153511686c084227c6be sendmail-cf-8.13.7-noarch-1_slack8.1.tgz
Slackware 9.0 packages: 8795f9012db34b3e36468bce07787bb3 sendmail-8.13.7-i386-1_slack9.0.tgz 257eecb0d4f7a38a1e54463dc76e869a sendmail-cf-8.13.7-noarch-1_slack9.0.tgz
Slackware 9.1 packages: 99edd1f4fd42b7becbf884df5b3d5119 sendmail-8.13.7-i486-1_slack9.1.tgz ee1234ed4335cadc62456274b55b9143 sendmail-cf-8.13.7-noarch-1_slack9.1.tgz
Slackware 10.0 packages: 9b767acf3043e59799395097253c1d06 sendmail-8.13.7-i486-1_slack10.0.tgz 0fc5cb4b0f1e313dd1f6b7a9be617459 sendmail-cf-8.13.7-noarch-1_slack10.0.tgz
Slackware 10.1 packages: a7ff6c75a3319f1a9dbbac2c5fe48327 sendmail-8.13.7-i486-1_slack10.1.tgz 5fe8d1f221732dbca518771fb7497bc0 sendmail-cf-8.13.7-noarch-1_slack10.1.tgz
Slackware 10.2 packages: 0ef5d85e5026212fb528b10c3ab89155 sendmail-8.13.7-i486-1_slack10.2.tgz 05bbc5ccfb5d56b1742bf9ea888b2218 sendmail-cf-8.13.7-noarch-1_slack10.2.tgz
Slackware -current packages: cf7c76831ad25065d1bc2a39decb1da3 sendmail-8.13.7-i486-1.tgz c14deab3e9f4229137eeb430c4120c78 sendmail-cf-8.13.7-noarch-1.tgz

Severity
[slackware-security] sendmail (SSA:2006-166-01)
New sendmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a possible denial-of-service issue.
Sendmail's complete advisory may be found here: https://www.proofpoint.com/us/products/email-protection/open-source-email-solution
Sendmail has also provided an FAQ about this issue: https://www.proofpoint.com/us/products/email-protection/open-source-email-solution
The CVE entry for this issue may be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg sendmail-8.13.7-i486-1.tgz sendmail-cf-8.13.7-noarch-1.tgz Restart sendmail: # . /etc/rc.d/rc.sendmail restart

Related News

Google Releases Chrome 130 with Critical Security Fixes for 17 Flaws
3 - 5 min read
Google recently unveiled Chrome 130 , an update that addresses several security vulnerabilities to ensure the web browser's safety and reliability.
U.S. Investigation into China-Backed Telecom Companies Hack: The Role & Risks of Encryption Backdoors
3 - 5 min read
U.S. authorities are on high alert as they investigate an alleged Chinese state-sponsored hack targeting major U.S. telecommunications companies.
FASTCash Linux Malware: A New Cybercrime Menace Targeting Payment Switch Systems
3 - 5 min read
As malware threats evolve to increasingly target Linux systems, admins and organizations must stay up-to-date on the latest Linux malware variants
Optimizing CWPP on Linux Servers: Best Practices and Configurations
3 - 6 min read
Cloud Workload Protection Platforms are now essential for securing virtual environments. These provide a robust security layer vital for addressing
The Infiltration of Supply Chain Attacks in Open-Source Software Management
3 - 6 min read
Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them
Strengthen Your Linux Software Development Pipeline with Code Security Scanners
3 - 6 min read
Developers recognize the critical nature of protecting software systems as cyberattacks grow more sophisticated, thus necessitating robust security
Everything You Need to Know About Cloud Security Posture Management
3 - 5 min read
Many companies are transitioning from physical servers to cloud operations, but this transformation brings new challenges. Cloud Security Posture
Understanding the Critical Oath-Toolkit Vulnerability and Its Implications for Admins
3 - 5 min read
As Linux security threats advance and evolve, vulnerabilities often surface unexpectedly, exposing systems to potential exploitation. SUSE

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved