lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1GIYqm-000386-QX@mercury.mandriva.com>
Date: Wed, 30 Aug 2006 16:48:00 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2006:156 ] - Updated sendmail packages fix DoS vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:156
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : sendmail
 Date    : August 30, 2006
 Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Moritz Jodeit discovered a vulnerability in sendmail when processing
 very long header lines that could be exploited to cause a Denial of
 Service by crashing sendmail.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4434
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 a870f27eea807314c3688258eed755a5  2006.0/RPMS/sendmail-8.13.4-6.3.20060mdk.i586.rpm
 35666ba77272168154638784d3126e8a  2006.0/RPMS/sendmail-cf-8.13.4-6.3.20060mdk.i586.rpm
 e68900de30eb26c1ad6023b6f25feda4  2006.0/RPMS/sendmail-devel-8.13.4-6.3.20060mdk.i586.rpm
 adbdad6844cc56e002e300703dfa800f  2006.0/RPMS/sendmail-doc-8.13.4-6.3.20060mdk.i586.rpm
 8db59bc684bf7ee7b50f8d9025aa2f99  2006.0/SRPMS/sendmail-8.13.4-6.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 1c23ae6dc8b9aad58efa1f45082bd594  x86_64/2006.0/RPMS/sendmail-8.13.4-6.3.20060mdk.x86_64.rpm
 4a4d76c56fb75c24994b0e7759033462  x86_64/2006.0/RPMS/sendmail-cf-8.13.4-6.3.20060mdk.x86_64.rpm
 15316c4ecd26d10f840a0e2e9cff0164  x86_64/2006.0/RPMS/sendmail-devel-8.13.4-6.3.20060mdk.x86_64.rpm
 31db86ce194192d535a6adbb60f86691  x86_64/2006.0/RPMS/sendmail-doc-8.13.4-6.3.20060mdk.x86_64.rpm
 8db59bc684bf7ee7b50f8d9025aa2f99  x86_64/2006.0/SRPMS/sendmail-8.13.4-6.3.20060mdk.src.rpm

 Corporate 3.0:
 421f3b45e01bbb9ea6dd907a60eafd21  corporate/3.0/RPMS/sendmail-8.12.11-1.3.C30mdk.i586.rpm
 363fe7e5f501e3c638f893e3bb805889  corporate/3.0/RPMS/sendmail-cf-8.12.11-1.3.C30mdk.i586.rpm
 efdfae3157d77708d2fdec4fdcbd2362  corporate/3.0/RPMS/sendmail-devel-8.12.11-1.3.C30mdk.i586.rpm
 05d8e255ebe10729361bde038ab999ec  corporate/3.0/RPMS/sendmail-doc-8.12.11-1.3.C30mdk.i586.rpm
 bc7577c81a324fb8c2cb4392f9039372  corporate/3.0/SRPMS/sendmail-8.12.11-1.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 65d846ef86d0df8d32316c79a2b9a326  x86_64/corporate/3.0/RPMS/sendmail-8.12.11-1.3.C30mdk.x86_64.rpm
 457e8e7d69b48bbeff20a54c3f01ef4d  x86_64/corporate/3.0/RPMS/sendmail-cf-8.12.11-1.3.C30mdk.x86_64.rpm
 34e7e51ef099d09b4781d79b3e05be42  x86_64/corporate/3.0/RPMS/sendmail-devel-8.12.11-1.3.C30mdk.x86_64.rpm
 31d545ea1139af2b397a5e65d1b6c961  x86_64/corporate/3.0/RPMS/sendmail-doc-8.12.11-1.3.C30mdk.x86_64.rpm
 bc7577c81a324fb8c2cb4392f9039372  x86_64/corporate/3.0/SRPMS/sendmail-8.12.11-1.3.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 d4f9409b6f07b43d8d28340553a42aac  mnf/2.0/RPMS/sendmail-8.12.11-1.3.M20mdk.i586.rpm
 f50c4ea50ac1f24431c7a693cc665e72  mnf/2.0/RPMS/sendmail-cf-8.12.11-1.3.M20mdk.i586.rpm
 7b141d0baf6d3c42bc88bf9aec6c3c93  mnf/2.0/SRPMS/sendmail-8.12.11-1.3.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE9egqmqjQ0CJFipgRApk0AJ96l62HBwBLqNdXdTv3XlKZW9qYhACfaRui
AA2jidzJyYzItJ2RZHIMtHQ=
=jHtc
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ