Updated sendmail packages that fix a security issue are now available.
The sendmail package provides a widely used Mail Transport Agent (MTA).
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64
3. Problem description:
A flaw in the handling of multi-part MIME messages was discovered in
Sendmail. A remote attacker could create a carefully crafted message
that could crash the sendmail process during delivery (CVE-2006-1173).
Users of Sendmail are advised to upgrade to these erratum packages,
which contain a backported patch from the Sendmail team to correct this
issue.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
