Security Advisory sendmail security update

Advisory: RHSA-2006:0264-8
Type: Security Advisory
Severity: Critical
Issued on: 2006-03-22
Last updated on: 2006-03-22
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
OVAL: N/A
CVEs (cve.mitre.org): CVE-2006-0058

Details

Updated sendmail packages to fix a security issue are now available for Red
Hat Enterprise Linux 3 and 4.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Sendmail is a Mail Transport Agent (MTA) used to send mail between machines.

A flaw in the handling of asynchronous signals was discovered in Sendmail.
A remote attacker may be able to exploit a race condition to execute
arbitrary code as root. The Common Vulnerabilities and Exposures project
assigned the name CVE-2006-0058 to this issue.

By default on Red Hat Enterprise Linux 3 and 4, Sendmail is configured to
only accept connections from the local host. Therefore, only users who have
configured Sendmail to listen to remote hosts would be able to be remotely
exploited by this vulnerability.

Users of Sendmail are advised to upgrade to these erratum packages, which
contain a backported patch from the Sendmail team to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)
SRPMS:
sendmail-8.12.11-4.RHEL3.4.src.rpm
File outdated by:  RHSA-2006:0515		     7d2875e6d9a3b4ddfa54e3be67888070
 
IA-32:
sendmail-8.12.11-4.RHEL3.4.i386.rpm
File outdated by:  RHSA-2006:0515		     944e64db10b061dff22a10117c7f4a31
sendmail-cf-8.12.11-4.RHEL3.4.i386.rpm
File outdated by:  RHSA-2006:0515		     c8fc53343bff73624542b4ea77c2b565
sendmail-devel-8.12.11-4.RHEL3.4.i386.rpm
File outdated by:  RHSA-2006:0515		     090525584bce022b9e04bafbefb9d71a
sendmail-doc-8.12.11-4.RHEL3.4.i386.rpm
File outdated by:  RHSA-2006:0515		     c3ea9cb0ab86047422d58447e93415fb
 
x86_64:
sendmail-8.12.11-4.RHEL3.4.x86_64.rpm
File outdated by:  RHSA-2006:0515		     33764d084b7cfbb9687ec3a55f6e466c
sendmail-cf-8.12.11-4.RHEL3.4.x86_64.rpm
File outdated by:  RHSA-2006:0515		     ea1690edc3270c917b63c10b3c2b47a3
sendmail-devel-8.12.11-4.RHEL3.4.x86_64.rpm
File outdated by:  RHSA-2006:0515		     0a5290a0b2b2c96558fa120120eb316d
sendmail-doc-8.12.11-4.RHEL3.4.x86_64.rpm
File outdated by:  RHSA-2006:0515		     48a4b96f92aea23a54b7e2740dcc8f87
 
Red Hat Desktop (v. 4)
SRPMS:
sendmail-8.13.1-3.RHEL4.3.src.rpm
File outdated by:  RHBA-2008:0762		     e83dd254437bf7d4415a6be12c7a58da
 
IA-32:
sendmail-8.13.1-3.RHEL4.3.i386.rpm
File outdated by:  RHBA-2008:0762		     fba1a601a1ab106f67b22030ad090c28
sendmail-cf-8.13.1-3.RHEL4.3.i386.rpm
File outdated by:  RHBA-2008:0762		     8ed398a86f127e08ee31b19f14deafc4
sendmail-devel-8.13.1-3.RHEL4.3.i386.rpm
File outdated by:  RHBA-2008:0762		     dade78569735970629e880969892b9f3
sendmail-doc-8.13.1-3.RHEL4.3.i386.rpm
File outdated by:  RHBA-2008:0762		     3e656f2c678aa19f32eaad782abada8a
 
x86_64:
sendmail-8.13.1-3.RHEL4.3.x86_64.rpm
File outdated by:  RHBA-2008:0762		     798fc57962c9588440de9556f06fe3ab
sendmail-cf-8.13.1-3.RHEL4.3.x86_64.rpm
File outdated by:  RHBA-2008:0762		     126a565b097fcf2d48b94e735686d083
sendmail-devel-8.13.1-3.RHEL4.3.x86_64.rpm
File outdated by:  RHBA-2008:0762		     8d60a35991c05a6fe959a529ade0959c
sendmail-doc-8.13.1-3.RHEL4.3.x86_64.rpm
File outdated by:  RHBA-2008:0762		     0bcbe2d9682b2505c439650f693a0b6c
 
Red Hat Enterprise Linux AS (v. 3)
SRPMS:
sendmail-8.12.11-4.RHEL3.4.src.rpm
File outdated by:  RHSA-2006:0515		     7d2875e6d9a3b4ddfa54e3be67888070
 
IA-32:
sendmail-8.12.11-4.RHEL3.4.i386.rpm
File outdated by:  RHSA-2006:0515		     944e64db10b061dff22a10117c7f4a31
sendmail-cf-8.12.11-4.RHEL3.4.i386.rpm
File outdated by:  RHSA-2006:0515		     c8fc53343bff73624542b4ea77c2b565
sendmail-devel-8.12.11-4.RHEL3.4.i386.rpm
File outdated by:  RHSA-2006:0515		     090525584bce022b9e04bafbefb9d71a
sendmail-doc-8.12.11-4.RHEL3.4.i386.rpm
File outdated by:  RHSA-2006:0515		     c3ea9cb0ab86047422d58447e93415fb
 
IA-64:
sendmail-8.12.11-4.RHEL3.4.ia64.rpm
File outdated by:  RHSA-2006:0515		     bc6715fefbd6bd9349b8116a13127d6b
sendmail-cf-8.12.11-4.RHEL3.4.ia64.rpm
File outdated by:  RHSA-2006:0515		     beb6de13a56f2fffdfed69ae7a050137
sendmail-devel-8.12.11-4.RHEL3.4.ia64.rpm
File outdated by:  RHSA-2006:0515		     2ad6d475f92907b535b175a10572c897
sendmail-doc-8.12.11-4.RHEL3.4.ia64.rpm
File outdated by:  RHSA-2006:0515		     231ea97fa236e429ecc6f7734f950025
 
PPC:
sendmail-8.12.11-4.RHEL3.4.ppc.rpm
File outdated by:  RHSA-2006:0515		     e548c09d3101ee937fa900dee199c207
sendmail-cf-8.12.11-4.RHEL3.4.ppc.rpm
File outdated by:  RHSA-2006:0515		     d4e14142aa623898b6a978e7658f036a
sendmail-devel-8.12.11-4.RHEL3.4.ppc.rpm
File outdated by:  RHSA-2006:0515		     813ba2da17685d2923796826d0720735
sendmail-doc-8.12.11-4.RHEL3.4.ppc.rpm
File outdated by:  RHSA-2006:0515		     2dc1c320d39a5733d7e2594a38d2c681
 
s390:
sendmail-8.12.11-4.RHEL3.4.s390.rpm
File outdated by:  RHSA-2006:0515		     28995c615c097f06b93566bcf7e7e620
sendmail-cf-8.12.11-4.RHEL3.4.s390.rpm
File outdated by:  RHSA-2006:0515		     f9f3328d6170be64beaa4f1f43cca5a4
sendmail-devel-8.12.11-4.RHEL3.4.s390.rpm
File outdated by:  RHSA-2006:0515		     6d28c9d70fb26c3ae7916f4c20937095
sendmail-doc-8.12.11-4.RHEL3.4.s390.rpm
File outdated by:  RHSA-2006:0515		     1f16f02650a63249180b285e98fca603
 
s390x:
sendmail-8.12.11-4.RHEL3.4.s390x.rpm
File outdated by:  RHSA-2006:0515		     4ef7001ea500dc64f7f14d42e5ef419b
sendmail-cf-8.12.11-4.RHEL3.4.s390x.rpm
File outdated by:  RHSA-2006:0515		     f6607a113c0efa597fdea8926c060436
sendmail-devel-8.12.11-4.RHEL3.4.s390x.rpm
File outdated by:  RHSA-2006:0515		     65122cedf0c82b7491fcaa30bf135f63
sendmail-doc-8.12.11-4.RHEL3.4.s390x.rpm
File outdated by:  RHSA-2006:0515		     9df7ab571f5ad111db83bf403d58ef88
 
x86_64:
sendmail-8.12.11-4.RHEL3.4.x86_64.rpm
File outdated by:  RHSA-2006:0515		     33764d084b7cfbb9687ec3a55f6e466c
sendmail-cf-8.12.11-4.RHEL3.4.x86_64.rpm
File outdated by:  RHSA-2006:0515		     ea1690edc3270c917b63c10b3c2b47a3
sendmail-devel-8.12.11-4.RHEL3.4.x86_64.rpm
File outdated by:  RHSA-2006:0515		     0a5290a0b2b2c96558fa120120eb316d
sendmail-doc-8.12.11-4.RHEL3.4.x86_64.rpm
File outdated by:  RHSA-2006:0515		     48a4b96f92aea23a54b7e2740dcc8f87
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
sendmail-8.13.1-3.RHEL4.3.src.rpm
File outdated by:  RHBA-2008:0762		     e83dd254437bf7d4415a6be12c7a58da
 
IA-32:
sendmail-8.13.1-3.RHEL4.3.i386.rpm
File outdated by:  RHBA-2008:0762		     fba1a601a1ab106f67b22030ad090c28
sendmail-cf-8.13.1-3.RHEL4.3.i386.rpm
File outdated by:  RHBA-2008:0762		     8ed398a86f127e08ee31b19f14deafc4
sendmail-devel-8.13.1-3.RHEL4.3.i386.rpm
File outdated by:  RHBA-2008:0762		     dade78569735970629e880969892b9f3
sendmail-doc-8.13.1-3.RHEL4.3.i386.rpm
File outdated by:  RHBA-2008:0762		     3e656f2c678aa19f32eaad782abada8a
 
IA-64:
sendmail-8.13.1-3.RHEL4.3.ia64.rpm
File outdated by:  RHBA-2008:0762		     7b366e3fbfab8ce2a4cabff56c5dae2b
sendmail-cf-8.13.1-3.RHEL4.3.ia64.rpm
File outdated by:  RHBA-2008:0762		     4d2625fc1981329a7a348b360c9c2209
sendmail-devel-8.13.1-3.RHEL4.3.ia64.rpm
File outdated by:  RHBA-2008:0762		     23e84e296ce17c5a18d2dd8ed3189d7e
sendmail-doc-8.13.1-3.RHEL4.3.ia64.rpm
File outdated by:  RHBA-2008:0762		     5d4ca9a18cc0cd9148679fc8e4b9b339
 
PPC:
sendmail-8.13.1-3.RHEL4.3.ppc.rpm
File outdated by:  RHBA-2008:0762		     5d46ed345d357e23637ee93538c9bf6c
sendmail-cf-8.13.1-3.RHEL4.3.ppc.rpm
File outdated by:  RHBA-2008:0762		     94419ba6a9ca2b2c5fd6c270e27a0c0a
sendmail-devel-8.13.1-3.RHEL4.3.ppc.rpm
File outdated by:  RHBA-2008:0762		     605283ccb19d98bc52c28455c4cb33ef
sendmail-doc-8.13.1-3.RHEL4.3.ppc.rpm
File outdated by:  RHBA-2008:0762		     f94dff61d5f788c40a6da60bc54f35fd
 
s390:
sendmail-8.13.1-3.RHEL4.3.s390.rpm
File outdated by:  RHBA-2008:0762		     c4a8cae7959a00d193e839219c451ccf
sendmail-cf-8.13.1-3.RHEL4.3.s390.rpm
File outdated by:  RHBA-2008:0762		     de299b0e3f4fd221c13ae2112a1cc8db
sendmail-devel-8.13.1-3.RHEL4.3.s390.rpm
File outdated by:  RHBA-2008:0762		     af0b3dd5a26d1c2c375b9aa83bce4d66
sendmail-doc-8.13.1-3.RHEL4.3.s390.rpm
File outdated by:  RHBA-2008:0762		     4839491332c2ff2fff4316655e3004b4
 
s390x:
sendmail-8.13.1-3.RHEL4.3.s390x.rpm
File outdated by:  RHBA-2008:0762		     035e31b624879ea90785783a4565b91e
sendmail-cf-8.13.1-3.RHEL4.3.s390x.rpm
File outdated by:  RHBA-2008:0762		     a435f54801fe106550537e35078c115e
sendmail-devel-8.13.1-3.RHEL4.3.s390x.rpm
File outdated by:  RHBA-2008:0762		     585b0b0c27f4fb729c31037f0887c375
sendmail-doc-8.13.1-3.RHEL4.3.s390x.rpm
File outdated by:  RHBA-2008:0762		     8ba7aabd895330273240c1bcdbe295a8
 
x86_64:
sendmail-8.13.1-3.RHEL4.3.x86_64.rpm
File outdated by:  RHBA-2008:0762		     798fc57962c9588440de9556f06fe3ab
sendmail-cf-8.13.1-3.RHEL4.3.x86_64.rpm
File outdated by:  RHBA-2008:0762		     126a565b097fcf2d48b94e735686d083
sendmail-devel-8.13.1-3.RHEL4.3.x86_64.rpm
File outdated by:  RHBA-2008:0762		     8d60a35991c05a6fe959a529ade0959c
sendmail-doc-8.13.1-3.RHEL4.3.x86_64.rpm
File outdated by:  RHBA-2008:0762		     0bcbe2d9682b2505c439650f693a0b6c
 
Red Hat Enterprise Linux ES (v. 3)
SRPMS:
sendmail-8.12.11-4.RHEL3.4.src.rpm
File outdated by:  RHSA-2006:0515		     7d2875e6d9a3b4ddfa54e3be67888070
 
IA-32:
sendmail-8.12.11-4.RHEL3.4.i386.rpm
File outdated by:  RHSA-2006:0515		     944e64db10b061dff22a10117c7f4a31
sendmail-cf-8.12.11-4.RHEL3.4.i386.rpm
File outdated by:  RHSA-2006:0515		     c8fc53343bff73624542b4ea77c2b565
sendmail-devel-8.12.11-4.RHEL3.4.i386.rpm
File outdated by:  RHSA-2006:0515		     090525584bce022b9e04bafbefb9d71a
sendmail-doc-8.12.11-4.RHEL3.4.i386.rpm
File outdated by:  RHSA-2006:0515		     c3ea9cb0ab86047422d58447e93415fb
 
IA-64:
sendmail-8.12.11-4.RHEL3.4.ia64.rpm
File outdated by:  RHSA-2006:0515		     bc6715fefbd6bd9349b8116a13127d6b
sendmail-cf-8.12.11-4.RHEL3.4.ia64.rpm
File outdated by:  RHSA-2006:0515		     beb6de13a56f2fffdfed69ae7a050137
sendmail-devel-8.12.11-4.RHEL3.4.ia64.rpm
File outdated by:  RHSA-2006:0515		     2ad6d475f92907b535b175a10572c897
sendmail-doc-8.12.11-4.RHEL3.4.ia64.rpm
File outdated by:  RHSA-2006:0515		     231ea97fa236e429ecc6f7734f950025
 
x86_64:
sendmail-8.12.11-4.RHEL3.4.x86_64.rpm
File outdated by:  RHSA-2006:0515		     33764d084b7cfbb9687ec3a55f6e466c
sendmail-cf-8.12.11-4.RHEL3.4.x86_64.rpm
File outdated by:  RHSA-2006:0515		     ea1690edc3270c917b63c10b3c2b47a3
sendmail-devel-8.12.11-4.RHEL3.4.x86_64.rpm
File outdated by:  RHSA-2006:0515		     0a5290a0b2b2c96558fa120120eb316d
sendmail-doc-8.12.11-4.RHEL3.4.x86_64.rpm
File outdated by:  RHSA-2006:0515		     48a4b96f92aea23a54b7e2740dcc8f87
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
sendmail-8.13.1-3.RHEL4.3.src.rpm
File outdated by:  RHBA-2008:0762		     e83dd254437bf7d4415a6be12c7a58da
 
IA-32:
sendmail-8.13.1-3.RHEL4.3.i386.rpm
File outdated by:  RHBA-2008:0762		     fba1a601a1ab106f67b22030ad090c28
sendmail-cf-8.13.1-3.RHEL4.3.i386.rpm
File outdated by:  RHBA-2008:0762		     8ed398a86f127e08ee31b19f14deafc4
sendmail-devel-8.13.1-3.RHEL4.3.i386.rpm
File outdated by:  RHBA-2008:0762		     dade78569735970629e880969892b9f3
sendmail-doc-8.13.1-3.RHEL4.3.i386.rpm
File outdated by:  RHBA-2008:0762		     3e656f2c678aa19f32eaad782abada8a
 
IA-64:
sendmail-8.13.1-3.RHEL4.3.ia64.rpm
File outdated by:  RHBA-2008:0762		     7b366e3fbfab8ce2a4cabff56c5dae2b
sendmail-cf-8.13.1-3.RHEL4.3.ia64.rpm
File outdated by:  RHBA-2008:0762		     4d2625fc1981329a7a348b360c9c2209
sendmail-devel-8.13.1-3.RHEL4.3.ia64.rpm
File outdated by:  RHBA-2008:0762		     23e84e296ce17c5a18d2dd8ed3189d7e
sendmail-doc-8.13.1-3.RHEL4.3.ia64.rpm
File outdated by:  RHBA-2008:0762		     5d4ca9a18cc0cd9148679fc8e4b9b339
 
x86_64:
sendmail-8.13.1-3.RHEL4.3.x86_64.rpm
File outdated by:  RHBA-2008:0762		     798fc57962c9588440de9556f06fe3ab
sendmail-cf-8.13.1-3.RHEL4.3.x86_64.rpm
File outdated by:  RHBA-2008:0762		     126a565b097fcf2d48b94e735686d083
sendmail-devel-8.13.1-3.RHEL4.3.x86_64.rpm
File outdated by:  RHBA-2008:0762		     8d60a35991c05a6fe959a529ade0959c
sendmail-doc-8.13.1-3.RHEL4.3.x86_64.rpm
File outdated by:  RHBA-2008:0762		     0bcbe2d9682b2505c439650f693a0b6c
 
Red Hat Enterprise Linux WS (v. 3)
SRPMS:
sendmail-8.12.11-4.RHEL3.4.src.rpm
File outdated by:  RHSA-2006:0515		     7d2875e6d9a3b4ddfa54e3be67888070
 
IA-32:
sendmail-8.12.11-4.RHEL3.4.i386.rpm
File outdated by:  RHSA-2006:0515		     944e64db10b061dff22a10117c7f4a31
sendmail-cf-8.12.11-4.RHEL3.4.i386.rpm
File outdated by:  RHSA-2006:0515		     c8fc53343bff73624542b4ea77c2b565
sendmail-devel-8.12.11-4.RHEL3.4.i386.rpm
File outdated by:  RHSA-2006:0515		     090525584bce022b9e04bafbefb9d71a
sendmail-doc-8.12.11-4.RHEL3.4.i386.rpm
File outdated by:  RHSA-2006:0515		     c3ea9cb0ab86047422d58447e93415fb
 
IA-64:
sendmail-8.12.11-4.RHEL3.4.ia64.rpm
File outdated by:  RHSA-2006:0515		     bc6715fefbd6bd9349b8116a13127d6b
sendmail-cf-8.12.11-4.RHEL3.4.ia64.rpm
File outdated by:  RHSA-2006:0515		     beb6de13a56f2fffdfed69ae7a050137
sendmail-devel-8.12.11-4.RHEL3.4.ia64.rpm
File outdated by:  RHSA-2006:0515		     2ad6d475f92907b535b175a10572c897
sendmail-doc-8.12.11-4.RHEL3.4.ia64.rpm
File outdated by:  RHSA-2006:0515		     231ea97fa236e429ecc6f7734f950025
 
x86_64:
sendmail-8.12.11-4.RHEL3.4.x86_64.rpm
File outdated by:  RHSA-2006:0515		     33764d084b7cfbb9687ec3a55f6e466c
sendmail-cf-8.12.11-4.RHEL3.4.x86_64.rpm
File outdated by:  RHSA-2006:0515		     ea1690edc3270c917b63c10b3c2b47a3
sendmail-devel-8.12.11-4.RHEL3.4.x86_64.rpm
File outdated by:  RHSA-2006:0515		     0a5290a0b2b2c96558fa120120eb316d
sendmail-doc-8.12.11-4.RHEL3.4.x86_64.rpm
File outdated by:  RHSA-2006:0515		     48a4b96f92aea23a54b7e2740dcc8f87
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
sendmail-8.13.1-3.RHEL4.3.src.rpm
File outdated by:  RHBA-2008:0762		     e83dd254437bf7d4415a6be12c7a58da
 
IA-32:
sendmail-8.13.1-3.RHEL4.3.i386.rpm
File outdated by:  RHBA-2008:0762		     fba1a601a1ab106f67b22030ad090c28
sendmail-cf-8.13.1-3.RHEL4.3.i386.rpm
File outdated by:  RHBA-2008:0762		     8ed398a86f127e08ee31b19f14deafc4
sendmail-devel-8.13.1-3.RHEL4.3.i386.rpm
File outdated by:  RHBA-2008:0762		     dade78569735970629e880969892b9f3
sendmail-doc-8.13.1-3.RHEL4.3.i386.rpm
File outdated by:  RHBA-2008:0762		     3e656f2c678aa19f32eaad782abada8a
 
IA-64:
sendmail-8.13.1-3.RHEL4.3.ia64.rpm
File outdated by:  RHBA-2008:0762		     7b366e3fbfab8ce2a4cabff56c5dae2b
sendmail-cf-8.13.1-3.RHEL4.3.ia64.rpm
File outdated by:  RHBA-2008:0762		     4d2625fc1981329a7a348b360c9c2209
sendmail-devel-8.13.1-3.RHEL4.3.ia64.rpm
File outdated by:  RHBA-2008:0762		     23e84e296ce17c5a18d2dd8ed3189d7e
sendmail-doc-8.13.1-3.RHEL4.3.ia64.rpm
File outdated by:  RHBA-2008:0762		     5d4ca9a18cc0cd9148679fc8e4b9b339
 
x86_64:
sendmail-8.13.1-3.RHEL4.3.x86_64.rpm
File outdated by:  RHBA-2008:0762		     798fc57962c9588440de9556f06fe3ab
sendmail-cf-8.13.1-3.RHEL4.3.x86_64.rpm
File outdated by:  RHBA-2008:0762		     126a565b097fcf2d48b94e735686d083
sendmail-devel-8.13.1-3.RHEL4.3.x86_64.rpm
File outdated by:  RHBA-2008:0762		     8d60a35991c05a6fe959a529ade0959c
sendmail-doc-8.13.1-3.RHEL4.3.x86_64.rpm
File outdated by:  RHBA-2008:0762		     0bcbe2d9682b2505c439650f693a0b6c
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

184465 - CVE-2006-0058 Sendmail race condition issue


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
http://www.kb.cert.org/vuls/id/834865

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/