Bug 184466
Summary: | CVE-2006-0058 Sendmail race condition issue | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Josh Bressers <bressers> |
Component: | sendmail | Assignee: | Thomas Woerner <twoerner> |
Status: | CLOSED ERRATA | QA Contact: | David Lawrence <dkl> |
Severity: | urgent | Docs Contact: | |
Priority: | medium | ||
Version: | 4 | CC: | dcantrell, mattdm, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | source=cert,reported=20060308,embargo=20060322,impact=critical | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-03-22 19:17:49 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Josh Bressers
2006-03-08 23:10:10 UTC
attachment 125842 [details] is the proposed patch from CERT
To quote CERT regarding this patch:
A patch to correct this issue in sendmail versions 8.13 is provided
below. The patch also eliminates potential integer overflows in how
sendmail handles message headers. This patch was prepared manually by
Sendmail and in our experience will generate warnings about
offsets. We've discussed this with Sendmail and believe it to be
harmless. Aside from that, CERT/CC has not verified this patch, what
issues are corrected, and how those issues are corrected.
This issue is now public: http://www.sendmail.org/8.13.6.html This also affects FC5.... sendmail-8.13.6-0.FC4.1 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report. So what about FC5? FC5 is being fixed by sendmail-8.13.6-0.FC5.1 FEDORA-2006-193 The FC5 update has been pushed, it should appear on mirrors shortly. Thanks. |