sendmail-8.13.8-8.0.1.AXS3

エラータID: AXSA:2010-193:01

Release date: 
Friday, April 9, 2010 - 20:55
Subject: 
sendmail-8.13.8-8.0.1.AXS3
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your email. Sendmail is a behind-the-scenes program which actually moves your email over networks or the Internet to where you want it to go.
If you ever need to reconfigure Sendmail, you will also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package.
Security issues fixed with this release:
CVE-2006-7176
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the 'localhost.localdomain' domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.
CVE-2009-4565
sendmail before 8.14.4 does not properly handle a '0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Solution: 

Update packages.

CVEs: 
CVE-2006-7176
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.
CVE-2009-4565
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Additional Info: 

N/A

Download: 

SRPMS
  1. sendmail-8.13.8-8.0.1.AXS3.src.rpm
    MD5: 689ba8bdf48579cac2d75ec0054810d2
    SHA-256: 3ab4e3a0c3d2b8c35fa49605b6b1c0ac332ea82dea1edba04e2a51333e152813
    Size: 1.97 MB

Asianux Server 3 for x86
  1. sendmail-8.13.8-8.0.1.AXS3.i386.rpm
    MD5: e4de080d501d53006d2a4f6903cf6c43
    SHA-256: f92ddc7a6dc814930eafcdf6f0172c94bfe6235ffe03c06b13d3cedc2cbf7dbb
    Size: 624.62 kB
  2. sendmail-cf-8.13.8-8.0.1.AXS3.i386.rpm
    MD5: d3c322fecf30ac2d488f10cb01c9ecca
    SHA-256: a43de7fa62fe7b1749bd6193434d16942217ef835ca8b5c6941e7a7196f6e25b
    Size: 310.94 kB
  3. sendmail-devel-8.13.8-8.0.1.AXS3.i386.rpm
    MD5: 88838ed1da67d673f6c120172f00253c
    SHA-256: 391d3eba664fb5d4a0750c7bf85605cd64dd8046a8675abe00cb81dbaea170ba
    Size: 128.10 kB
  4. sendmail-doc-8.13.8-8.0.1.AXS3.i386.rpm
    MD5: dbe6ff23e2acb5af8ad09750af975bed
    SHA-256: 529a8388c9486bf1f6015c65abc31a83ca35ab8fe53f11ac13fea3f9ab1e15a8
    Size: 665.22 kB

Asianux Server 3 for x86_64
  1. sendmail-8.13.8-8.0.1.AXS3.x86_64.rpm
    MD5: ec5b1bcae5340e44a3e2e95b00f69bca
    SHA-256: eb3381f4d1dd00632ff9c4f3cff3bd9972dab2b72450b59da8e1ec5cc439af12
    Size: 638.73 kB
  2. sendmail-cf-8.13.8-8.0.1.AXS3.x86_64.rpm
    MD5: 6d693378d79a48dc0236e4264d23acd3
    SHA-256: 229272167951b394c4cf0bfd62af1416b13d8a8b6f6f08facde1210b1f109ce9
    Size: 310.89 kB
  3. sendmail-devel-8.13.8-8.0.1.AXS3.x86_64.rpm
    MD5: 29122ade3bea120d6077c46fbd077888
    SHA-256: 625094767a3d7e112b6c03dc139fa530d9d8c68e4f6b9157b905f1eb8ff00058
    Size: 132.94 kB
  4. sendmail-doc-8.13.8-8.0.1.AXS3.x86_64.rpm
    MD5: e7210dda92619e9a22251bc93e853820
    SHA-256: 29ffb061b5168a82f5e3c0ca1b7644ddb1a0b500f895962be4107f37a26e2f43
    Size: 665.19 kB