Security Advisory Low: sendmail security and bug fix update

Advisory: RHSA-2007:0252-2
Type: Security Advisory
Severity: Low
Issued on: 2007-05-01
Last updated on: 2007-05-01
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2006-7176

Details

Updated sendmail packages that fix a security issue and various bugs are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Sendmail is a very widely used Mail Transport Agent (MTA). MTAs deliver
mail from one machine to another. Sendmail is not a client program, but
rather a behind-the-scenes daemon that moves email over networks or the
Internet to its final destination.

The configuration of Sendmail on Red Hat Enterprise Linux was found to not
reject the "localhost.localdomain" domain name for e-mail messages that
came from external hosts. This could have allowed remote attackers to
disguise spoofed messages (CVE-2006-7176).
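A log check for the condition described above, added here as an illustration and not part of the Red Hat advisory: it flags accepted messages whose envelope sender claims a local-only domain while the connecting relay is not a loopback address. The log lines are constructed samples in sendmail's usual maillog layout, and the function and constant names are this example's own.

```python
import ipaddress
import re

# Sender domains that should only appear on locally submitted mail.
LOCAL_ONLY_DOMAINS = {"localhost", "localhost.localdomain"}

# Envelope-sender record as sendmail writes it to maillog (assumed default layout).
FROM_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=<?(?P<sender>[^>,\s]*)>?,"
    r".*?relay=(?P<relay>[^,]*)"
)
# Peer address inside the relay= field, e.g. "[192.0.2.25]" or "[IPv6:2001:db8::5]".
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
May  1 09:12:01 mx1 sendmail[2101]: l41DC1aa002101: from=<alice@example.org>, size=1843, class=0, nrcpts=1, msgid=<1@example.org>, proto=ESMTP, daemon=MTA, relay=mail.example.org [192.0.2.25]
May  1 09:12:07 mx1 sendmail[2107]: l41DC7ab002107: from=<root@localhost.localdomain>, size=912, class=0, nrcpts=1, msgid=<2@mx1>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
May  1 09:13:44 mx1 sendmail[2133]: l41DDiac002133: from=<admin@localhost.localdomain>, size=2210, class=0, nrcpts=1, msgid=<3@x>, proto=SMTP, daemon=MTA, relay=[198.51.100.7]
May  1 09:13:45 mx1 sendmail[2133]: l41DDiac002133: to=<bob@example.com>, delay=00:00:01, mailer=local, stat=Sent
"""


def find_spoofed(lines):
    """Return (queue id, sender, peer IP) for local-only senders seen from remote peers."""
    hits = []
    for line in lines:
        m = FROM_RE.search(line)
        if not m or "@" not in m["sender"]:
            continue
        domain = m["sender"].rpartition("@")[2].lower().rstrip(".")
        peer = IP_RE.search(m["relay"])
        if domain not in LOCAL_ONLY_DOMAINS or peer is None:
            continue  # ordinary sender, or local submission with no network peer
        if not ipaddress.ip_address(peer.group(1)).is_loopback:
            hits.append((m["qid"], m["sender"], peer.group(1)))
    return hits


if __name__ == "__main__":
    for qid, sender, peer in find_spoofed(SAMPLE_LOG.splitlines()):
        print(f"{qid}: sender {sender} accepted from external peer {peer}")
```
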

This updated package also fixes the following bugs:

* Infinite loop within tls read.

* Incorrect path to selinuxenabled in initscript.

* Build artifacts from sendmail-cf package.

* Missing socketmap support.

* Missing support for the CipherList configuration directive.

* Path for aliases file.

* Failure of shutting down sm-client.

* No way to specify persistent queue runners.

* Missing dnl for SMART_HOST define.

* Connections staying in CLOSE_WAIT.

All users of Sendmail should upgrade to these updated packages, which
contain backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
sendmail-8.13.1-3.2.el4.src.rpm
File outdated by:  RHSA-2011:0262
    MD5: e07d0205352eb73b1011021a10522b61
 
IA-32:
sendmail-8.13.1-3.2.el4.i386.rpm
File outdated by:  RHSA-2011:0262
    MD5: 54e4730bcfcb10b6e865af6886e58bf4
sendmail-cf-8.13.1-3.2.el4.i386.rpm
File outdated by:  RHSA-2011:0262
    MD5: 7db401a5ac49f76abc7812c26652c1ea
sendmail-devel-8.13.1-3.2.el4.i386.rpm
File outdated by:  RHSA-2011:0262
    MD5: 658721b05ad13272736f28f9e2396460
sendmail-doc-8.13.1-3.2.el4.i386.rpm
File outdated by:  RHSA-2011:0262
    MD5: eaeba078a91bf80ea81be7ced9f14a60
 
x86_64:
sendmail-8.13.1-3.2.el4.x86_64.rpm
File outdated by:  RHSA-2011:0262
    MD5: b32d5cc7710c22895c8709a2fdb6ee6d
sendmail-cf-8.13.1-3.2.el4.x86_64.rpm
File outdated by:  RHSA-2011:0262
    MD5: 7343b19614880e430016319462dc1399
sendmail-devel-8.13.1-3.2.el4.x86_64.rpm
File outdated by:  RHSA-2011:0262
    MD5: 0a1ec7e3864548765077d8c0b85f3ea6
sendmail-doc-8.13.1-3.2.el4.x86_64.rpm
File outdated by:  RHSA-2011:0262
    MD5: 5652fa8847d14232c3e3ed21a3bab160
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
sendmail-8.13.1-3.2.el4.src.rpm
File outdated by:  RHSA-2011:0262
    MD5: e07d0205352eb73b1011021a10522b61
 
IA-32:
sendmail-8.13.1-3.2.el4.i386.rpm
File outdated by:  RHSA-2011:0262
    MD5: 54e4730bcfcb10b6e865af6886e58bf4
sendmail-cf-8.13.1-3.2.el4.i386.rpm
File outdated by:  RHSA-2011:0262
    MD5: 7db401a5ac49f76abc7812c26652c1ea
sendmail-devel-8.13.1-3.2.el4.i386.rpm
File outdated by:  RHSA-2011:0262
    MD5: 658721b05ad13272736f28f9e2396460
sendmail-doc-8.13.1-3.2.el4.i386.rpm
File outdated by:  RHSA-2011:0262
    MD5: eaeba078a91bf80ea81be7ced9f14a60
 
IA-64:
sendmail-8.13.1-3.2.el4.ia64.rpm
File outdated by:  RHSA-2011:0262
    MD5: f5b2c9c308e22965dc1d6864d7b98813
sendmail-cf-8.13.1-3.2.el4.ia64.rpm
File outdated by:  RHSA-2011:0262
    MD5: 931c1f98f30189e8a525e9d4be72c706
sendmail-devel-8.13.1-3.2.el4.ia64.rpm
File outdated by:  RHSA-2011:0262
    MD5: f31db098d7450d6e4121b370d21e583e
sendmail-doc-8.13.1-3.2.el4.ia64.rpm
File outdated by:  RHSA-2011:0262
    MD5: 120f9fb49dde5a1b0c9b026470feed41
 
PPC:
sendmail-8.13.1-3.2.el4.ppc.rpm
File outdated by:  RHSA-2011:0262
    MD5: b0fb1b772ccc0cccb81819897fb29819
sendmail-cf-8.13.1-3.2.el4.ppc.rpm
File outdated by:  RHSA-2011:0262
    MD5: e0a1d1a0ffceb5f78e7a7d90a28ad09f
sendmail-devel-8.13.1-3.2.el4.ppc.rpm
File outdated by:  RHSA-2011:0262
    MD5: 90ada0195183a7e519c7a42de602587b
sendmail-doc-8.13.1-3.2.el4.ppc.rpm
File outdated by:  RHSA-2011:0262
    MD5: ae87913c88ec26fc316019a4fe060c0b
 
s390:
sendmail-8.13.1-3.2.el4.s390.rpm
File outdated by:  RHSA-2011:0262
    MD5: 7efcf2a9513d9eb2baf9605a0790519e
sendmail-cf-8.13.1-3.2.el4.s390.rpm
File outdated by:  RHSA-2011:0262
    MD5: 38aa827a7e26e368ad029faaa63373ef
sendmail-devel-8.13.1-3.2.el4.s390.rpm
File outdated by:  RHSA-2011:0262
    MD5: 03b6bd2e0a2bdbea93b953b16d988819
sendmail-doc-8.13.1-3.2.el4.s390.rpm
File outdated by:  RHSA-2011:0262
    MD5: 80d93c9d2631655a4bf839d54d1b3e78
 
s390x:
sendmail-8.13.1-3.2.el4.s390x.rpm
File outdated by:  RHSA-2011:0262
    MD5: 0089b24c8077394abc60f2e5fd7fccb1
sendmail-cf-8.13.1-3.2.el4.s390x.rpm
File outdated by:  RHSA-2011:0262
    MD5: d71011432c7461b8b58d3fe62307c01b
sendmail-devel-8.13.1-3.2.el4.s390x.rpm
File outdated by:  RHSA-2011:0262
    MD5: bbfe650afd7529e1bc25ea79038a309d
sendmail-doc-8.13.1-3.2.el4.s390x.rpm
File outdated by:  RHSA-2011:0262
    MD5: 2991cd74266e23d7edbc3818719640dc
 
x86_64:
sendmail-8.13.1-3.2.el4.x86_64.rpm
File outdated by:  RHSA-2011:0262
    MD5: b32d5cc7710c22895c8709a2fdb6ee6d
sendmail-cf-8.13.1-3.2.el4.x86_64.rpm
File outdated by:  RHSA-2011:0262
    MD5: 7343b19614880e430016319462dc1399
sendmail-devel-8.13.1-3.2.el4.x86_64.rpm
File outdated by:  RHSA-2011:0262
    MD5: 0a1ec7e3864548765077d8c0b85f3ea6
sendmail-doc-8.13.1-3.2.el4.x86_64.rpm
File outdated by:  RHSA-2011:0262
    MD5: 5652fa8847d14232c3e3ed21a3bab160
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
sendmail-8.13.1-3.2.el4.src.rpm
File outdated by:  RHSA-2011:0262
    MD5: e07d0205352eb73b1011021a10522b61
 
IA-32:
sendmail-8.13.1-3.2.el4.i386.rpm
File outdated by:  RHSA-2011:0262
    MD5: 54e4730bcfcb10b6e865af6886e58bf4
sendmail-cf-8.13.1-3.2.el4.i386.rpm
File outdated by:  RHSA-2011:0262
    MD5: 7db401a5ac49f76abc7812c26652c1ea
sendmail-devel-8.13.1-3.2.el4.i386.rpm
File outdated by:  RHSA-2011:0262
    MD5: 658721b05ad13272736f28f9e2396460
sendmail-doc-8.13.1-3.2.el4.i386.rpm
File outdated by:  RHSA-2011:0262
    MD5: eaeba078a91bf80ea81be7ced9f14a60
 
IA-64:
sendmail-8.13.1-3.2.el4.ia64.rpm
File outdated by:  RHSA-2011:0262
    MD5: f5b2c9c308e22965dc1d6864d7b98813
sendmail-cf-8.13.1-3.2.el4.ia64.rpm
File outdated by:  RHSA-2011:0262
    MD5: 931c1f98f30189e8a525e9d4be72c706
sendmail-devel-8.13.1-3.2.el4.ia64.rpm
File outdated by:  RHSA-2011:0262
    MD5: f31db098d7450d6e4121b370d21e583e
sendmail-doc-8.13.1-3.2.el4.ia64.rpm
File outdated by:  RHSA-2011:0262
    MD5: 120f9fb49dde5a1b0c9b026470feed41
 
x86_64:
sendmail-8.13.1-3.2.el4.x86_64.rpm
File outdated by:  RHSA-2011:0262
    MD5: b32d5cc7710c22895c8709a2fdb6ee6d
sendmail-cf-8.13.1-3.2.el4.x86_64.rpm
File outdated by:  RHSA-2011:0262
    MD5: 7343b19614880e430016319462dc1399
sendmail-devel-8.13.1-3.2.el4.x86_64.rpm
File outdated by:  RHSA-2011:0262
    MD5: 0a1ec7e3864548765077d8c0b85f3ea6
sendmail-doc-8.13.1-3.2.el4.x86_64.rpm
File outdated by:  RHSA-2011:0262
    MD5: 5652fa8847d14232c3e3ed21a3bab160
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
sendmail-8.13.1-3.2.el4.src.rpm
File outdated by:  RHSA-2011:0262
    MD5: e07d0205352eb73b1011021a10522b61
 
IA-32:
sendmail-8.13.1-3.2.el4.i386.rpm
File outdated by:  RHSA-2011:0262
    MD5: 54e4730bcfcb10b6e865af6886e58bf4
sendmail-cf-8.13.1-3.2.el4.i386.rpm
File outdated by:  RHSA-2011:0262
    MD5: 7db401a5ac49f76abc7812c26652c1ea
sendmail-devel-8.13.1-3.2.el4.i386.rpm
File outdated by:  RHSA-2011:0262
    MD5: 658721b05ad13272736f28f9e2396460
sendmail-doc-8.13.1-3.2.el4.i386.rpm
File outdated by:  RHSA-2011:0262
    MD5: eaeba078a91bf80ea81be7ced9f14a60
 
IA-64:
sendmail-8.13.1-3.2.el4.ia64.rpm
File outdated by:  RHSA-2011:0262
    MD5: f5b2c9c308e22965dc1d6864d7b98813
sendmail-cf-8.13.1-3.2.el4.ia64.rpm
File outdated by:  RHSA-2011:0262
    MD5: 931c1f98f30189e8a525e9d4be72c706
sendmail-devel-8.13.1-3.2.el4.ia64.rpm
File outdated by:  RHSA-2011:0262
    MD5: f31db098d7450d6e4121b370d21e583e
sendmail-doc-8.13.1-3.2.el4.ia64.rpm
File outdated by:  RHSA-2011:0262
    MD5: 120f9fb49dde5a1b0c9b026470feed41
 
x86_64:
sendmail-8.13.1-3.2.el4.x86_64.rpm
File outdated by:  RHSA-2011:0262
    MD5: b32d5cc7710c22895c8709a2fdb6ee6d
sendmail-cf-8.13.1-3.2.el4.x86_64.rpm
File outdated by:  RHSA-2011:0262
    MD5: 7343b19614880e430016319462dc1399
sendmail-devel-8.13.1-3.2.el4.x86_64.rpm
File outdated by:  RHSA-2011:0262
    MD5: 0a1ec7e3864548765077d8c0b85f3ea6
sendmail-doc-8.13.1-3.2.el4.x86_64.rpm
File outdated by:  RHSA-2011:0262
    MD5: 5652fa8847d14232c3e3ed21a3bab160
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

121850 - [PATCH] infinite loop within tls_read
152282 - Incorrect path to selinuxenabled in /etc/init.d/sendmail
152955 - sendmail-cf contains rpm build artifacts
156191 - Changelog says 'Socketmap Supported' but it's not compiled in.
166744 - aliases man page specifies incorrect location of aliases file
171838 - CVE-2006-7176 sendmail allows external mail with from address xxx@localhost.localdomain
172352 - Sendmail allows SSLv2 during STARTTLS, and the CipherList config option isn't supported so you can't turn it off
200920 - shutting down sm-client fails
200921 - [PATCH] method to specify persistent queue runners?
200923 - sendmail.mc missing dnl on SMART_HOST define


Keywords

CipherList, localhost.localdomain


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/