BLAG Forums
It is currently Fri Jul 19, 2019 1:14 pm

All times are UTC

Post new topic Reply to topic  [ 1 post ] 
Author Message
PostPosted: Sun Oct 29, 2006 1:52 pm 

Joined: Sun Mar 14, 2004 4:39 pm
Posts: 220
Location: xerta, espa├▒a
Fedora Legacy Update Advisory

Synopsis: Updated sendmail packages fix security issue
Advisory ID: FLSA:195418
Issue date: 2006-10-29
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix, Security
CVE Names: CVE-2006-1173

1. Topic:

Updated sendmail packages that fix a security issue are now available.

The sendmail package provides a widely used Mail Transport Agent (MTA).

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64

3. Problem description:

A flaw in the handling of multi-part MIME messages was discovered in
Sendmail. A remote attacker could create a carefully crafted message
that could crash the sendmail process during delivery (CVE-2006-1173).

Users of Sendmail are advised to upgrade to these erratum packages,
which contain a backported patch from the Sendmail team to correct this

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit for directions on how to
configure yum and apt-get.

5. Bug IDs fixed: ... ?id=195418

6. RPMs required:

Red Hat Linux 7.3:
SRPM: ... cy.src.rpm

i386: ... y.i386.rpm ... y.i386.rpm ... y.i386.rpm ... y.i386.rpm

Red Hat Linux 9:

SRPM: ... cy.src.rpm

i386: ... y.i386.rpm ... y.i386.rpm ... y.i386.rpm ... y.i386.rpm

Fedora Core 1:

SRPM: ... cy.src.rpm

i386: ... y.i386.rpm ... y.i386.rpm ... y.i386.rpm ... y.i386.rpm

Fedora Core 2:

SRPM: ... cy.src.rpm

i386: ... y.i386.rpm ... y.i386.rpm ... y.i386.rpm ... y.i386.rpm

Fedora Core 3:

SRPM: ... cy.src.rpm

i386: ... y.i386.rpm ... y.i386.rpm ... y.i386.rpm ... y.i386.rpm

x86_64: ... x86_64.rpm ... x86_64.rpm ... x86_64.rpm ... x86_64.rpm

7. Verification:

SHA1 sum Package Name
de3219959a42e413f4add01a96fe5bd4e5c2e25b redhat/7.3/updates/i386/sendmail-8.12.11-4.22.11.legacy.i386.rpm
6651ffec675ad29d60dae0b538cc4ab00833b7e9 redhat/7.3/updates/i386/sendmail-cf-8.12.11-4.22.11.legacy.i386.rpm
a863e902dac5362e8922e62358f00e76fccfb0dd redhat/7.3/updates/i386/sendmail-devel-8.12.11-4.22.11.legacy.i386.rpm
8b02c451d2ed59b530f3e6976e3bbf4ce0ea535c redhat/7.3/updates/i386/sendmail-doc-8.12.11-4.22.11.legacy.i386.rpm
76086504341d07d4ee88c15a5060c1088d6f3057 redhat/7.3/updates/SRPMS/sendmail-8.12.11-4.22.11.legacy.src.rpm

31695348a11ac9b47d5470249072f2175131bdab redhat/9/updates/i386/sendmail-8.12.11-4.24.4.legacy.i386.rpm
05c883b5a6b218f69a08c711ca71e4d14d958141 redhat/9/updates/i386/sendmail-cf-8.12.11-4.24.4.legacy.i386.rpm
7bc9aef8a1a8794eb6ad6c8496ede743bc61fd76 redhat/9/updates/i386/sendmail-devel-8.12.11-4.24.4.legacy.i386.rpm
470d3a9ada94a6d1735176050cfa94c8eefc8c70 redhat/9/updates/i386/sendmail-doc-8.12.11-4.24.4.legacy.i386.rpm
5715d14fec8f303271ee7ef3ace828f80af76902 redhat/9/updates/SRPMS/sendmail-8.12.11-4.24.4.legacy.src.rpm

b4e627654290a72eb736678f9ddf6c19031daed6 fedora/1/updates/i386/sendmail-8.12.11-4.25.4.legacy.i386.rpm
6e631fda5b975b4cd40b8e580b1562888addc272 fedora/1/updates/i386/sendmail-cf-8.12.11-4.25.4.legacy.i386.rpm
c9e37c442488d4079983ad47d74c843b2e835b52 fedora/1/updates/i386/sendmail-devel-8.12.11-4.25.4.legacy.i386.rpm
c3d8da108fb47db91a3bd9513de4e5e403e34656 fedora/1/updates/i386/sendmail-doc-8.12.11-4.25.4.legacy.i386.rpm
1198d4465b351b6555b510fe22ff93c3accdc794 fedora/1/updates/SRPMS/sendmail-8.12.11-4.25.4.legacy.src.rpm

719954687788a5194cde32eb235d3d542fa62690 fedora/2/updates/i386/sendmail-8.12.11-4.26.1.legacy.i386.rpm
840bf9b1d018965963ceaffec85e0be2dced5345 fedora/2/updates/i386/sendmail-cf-8.12.11-4.26.1.legacy.i386.rpm
b44e5ba3a369885111d74232960b3de5e5e1207e fedora/2/updates/i386/sendmail-devel-8.12.11-4.26.1.legacy.i386.rpm
2a8eaa15f1c7e50dbc16542e5d93b88e1933d522 fedora/2/updates/i386/sendmail-doc-8.12.11-4.26.1.legacy.i386.rpm
48fce3c232e313a1648d04bdd0ffe727b1cb9867 fedora/2/updates/SRPMS/sendmail-8.12.11-4.26.1.legacy.src.rpm

27a009c764d367c5bb32c003ef79611602709808 fedora/3/updates/i386/sendmail-8.13.1-4.legacy.i386.rpm
aa4ae72b7747269f6d20519e3fefd83a28e52df6 fedora/3/updates/i386/sendmail-cf-8.13.1-4.legacy.i386.rpm
ea0d29481a712d42927f15da4fcc2709d4e5fbd0 fedora/3/updates/i386/sendmail-devel-8.13.1-4.legacy.i386.rpm
428282ff79c56f0f0bda0607612c38ca4253ab04 fedora/3/updates/i386/sendmail-doc-8.13.1-4.legacy.i386.rpm
14661dcec23213f5337e1eba749e8657daf5ef4b fedora/3/updates/x86_64/sendmail-8.13.1-4.legacy.x86_64.rpm
c6fdccb6edf57d18aad1c955809ea74cbee333cd fedora/3/updates/x86_64/sendmail-cf-8.13.1-4.legacy.x86_64.rpm
67f50ca7957b1cef314f9ab2e5d5dba81376573c fedora/3/updates/x86_64/sendmail-devel-8.13.1-4.legacy.x86_64.rpm
05be329d3ec2df28d49b1e7f91e2eea9daf0159f fedora/3/updates/x86_64/sendmail-doc-8.13.1-4.legacy.x86_64.rpm
0167c72624710207c4c4b16afdce87e5fb161dd0 fedora/3/updates/SRPMS/sendmail-8.13.1-4.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is
available from

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References: ... 01.txt.asc ... -2006-1173

9. Contact:

The Fedora Legacy security contact is <>. More
project details at


Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC

Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group