RedHat: Critical: sendmail security update
Summary
Summary
Sendmail is a Mail Transport Agent (MTA) used to send mail between machines. A flaw in the handling of asynchronous signals was discovered in Sendmail. A remote attacker may be able to exploit a race condition to execute arbitrary code as root. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0058 to this issue. By default on Red Hat Enterprise Linux 2.1, Sendmail is configured to only accept connections from the local host. Therefore only users who have configured Sendmail to listen to remote hosts would be able to be remotely exploited by this vulnerability. In order to correct this issue for Red Hat Enterprise Linux 2.1 users, it was necessary to upgrade the version of Sendmail from 8.11 as originally shipped to Sendmail 8.12 with the addition of the security patch supplied by Sendmail Inc. This erratum provides updated packages based on Sendmail 8.12 with a compatibility mode enabled. After updating to these packages, users should pay close attention to their sendmail logs to ensure that the upgrade completed sucessfully.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
184465 - CVE-2006-0058 Sendmail race condition issue
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
f5abfd6edcababd2bab542f836950d16 sendmail-8.12.11-4.21AS.8.src.rpm
i386:
aaf362f3da9cfbeac698bd0cae38849a sendmail-8.12.11-4.21AS.8.i386.rpm
edf605382c1edceeb3520494ef1defa4 sendmail-cf-8.12.11-4.21AS.8.i386.rpm
f410e2be904b29607c8b57c598d6e86a sendmail-devel-8.12.11-4.21AS.8.i386.rpm
7920ac760db2f52d85c942817b0a1a84 sendmail-doc-8.12.11-4.21AS.8.i386.rpm
ia64:
87d8a88331ca8d816d779129033a2545 sendmail-8.12.11-4.21AS.8.ia64.rpm
7c1f0fbd3490bf7007115c19aa320a79 sendmail-cf-8.12.11-4.21AS.8.ia64.rpm
7fd463f112b365cb9d8b63eebaa67718 sendmail-devel-8.12.11-4.21AS.8.ia64.rpm
4d6b4f4cccb65dad389887ea6d974181 sendmail-doc-8.12.11-4.21AS.8.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
f5abfd6edcababd2bab542f836950d16 sendmail-8.12.11-4.21AS.8.src.rpm
ia64:
87d8a88331ca8d816d779129033a2545 sendmail-8.12.11-4.21AS.8.ia64.rpm
7c1f0fbd3490bf7007115c19aa320a79 sendmail-cf-8.12.11-4.21AS.8.ia64.rpm
7fd463f112b365cb9d8b63eebaa67718 sendmail-devel-8.12.11-4.21AS.8.ia64.rpm
4d6b4f4cccb65dad389887ea6d974181 sendmail-doc-8.12.11-4.21AS.8.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
f5abfd6edcababd2bab542f836950d16 sendmail-8.12.11-4.21AS.8.src.rpm
i386:
aaf362f3da9cfbeac698bd0cae38849a sendmail-8.12.11-4.21AS.8.i386.rpm
edf605382c1edceeb3520494ef1defa4 sendmail-cf-8.12.11-4.21AS.8.i386.rpm
f410e2be904b29607c8b57c598d6e86a sendmail-devel-8.12.11-4.21AS.8.i386.rpm
7920ac760db2f52d85c942817b0a1a84 sendmail-doc-8.12.11-4.21AS.8.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
f5abfd6edcababd2bab542f836950d16 sendmail-8.12.11-4.21AS.8.src.rpm
i386:
aaf362f3da9cfbeac698bd0cae38849a sendmail-8.12.11-4.21AS.8.i386.rpm
edf605382c1edceeb3520494ef1defa4 sendmail-cf-8.12.11-4.21AS.8.i386.rpm
f410e2be904b29607c8b57c598d6e86a sendmail-devel-8.12.11-4.21AS.8.i386.rpm
7920ac760db2f52d85c942817b0a1a84 sendmail-doc-8.12.11-4.21AS.8.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
References
http://www.kb.cert.org/vuls/id/834865 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
Package List
Topic
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Bugs Fixed