Bug 195282 - Sendmail 8.13.7 is released
Product: Fedora
Classification: Fedora
Component: sendmail
All Linux
Priority: medium, Severity: high
Assigned To: Thomas Woerner
David Lawrence
Depends On: 192850 195006
Reported: 2006-06-14 13:43 EDT by Robert Scheck
Modified: 2007-11-30 17:11 EST (History)
Doc Type: Bug Fix
Last Closed: 2006-06-19 12:30:03 EDT

Attachments:
Patch7: sendmail-8.13.7-pid.patch (822 bytes, patch)
2006-06-14 13:44 EDT, Robert Scheck
Updated Patch7: sendmail-8.13.7-pid.patch (as partial fix of bug #176679) (820 bytes, patch)
2006-06-14 13:49 EDT, Robert Scheck

Description Robert Scheck 2006-06-14 13:43:05 EDT
Description of problem:
Sendmail, Inc., and the Sendmail Consortium announce the availability of 
sendmail 8.13.7. It fixes a potential denial of service problem caused by 
excessive recursion which leads to stack exhaustion when attempting delivery
of a malformed MIME message. Therefore, the function mime8to7() has been 
modified to limit the recursion level at (the compile time constant) 
MAXMIMENESTING. Note: This denial of service attack only affects delivery of 
mail from the queue and delivery of a malformed message. Other incoming mail
is still accepted and delivered. However, mail messages in the queue may not
be reattempted if a malformed MIME message exists.

Version-Release number of selected component (if applicable):

Actual/expected results:
Upgrade to 8.13.7, updated Patch7 is attached.

Additional info:
Bug #195006 and #192850 should also be fixed before building the new version.
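
An added illustration of the recursion cap described in the report above (not sendmail's mime8to7() code and not part of the bug thread): a simplified C multipart walker that returns an error instead of recursing past a fixed depth. The names MAX_NESTING, NEST_ERR, walk and nesting_of, the limit of 20, and the generated test message are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#define MAX_NESTING 20   /* limit chosen for this example */
#define NEST_ERR (-1)
/* Copy the next line (without '\n') into buf; return 0 at end of input. */
static int next_line(const char **p, char *buf, size_t n) {
    size_t len = strcspn(*p, "\n");
    if (**p == '\0') return 0;
    snprintf(buf, n, "%.*s", (int)len, *p);
    *p += len + ((*p)[len] == '\n');
    return 1;
}
/* 0: not a delimiter for boundary b; 1: "--b" (next part); 2: "--b--" (close). */
static int is_delim(const char *line, const char *b) {
    size_t n = b ? strlen(b) : 0;
    if (!n || strncmp(line, "--", 2) || strncmp(line + 2, b, n)) return 0;
    return line[2 + n] == '\0' ? 1 : strcmp(line + 2 + n, "--") == 0 ? 2 : 0;
}

/* Walk one entity (headers, then body); return deepest level seen or NEST_ERR. */
static int walk(const char **p, const char *parent, int depth) {
    char line[256], bnd[128] = "";
    const char *b, *mark;
    int deepest = depth, k, r = depth;
    while (next_line(p, line, sizeof line) && line[0])     /* headers end at blank line */
        if ((b = strstr(line, "boundary=")) != NULL)       /* unquoted form only */
            snprintf(bnd, sizeof bnd, "%s", b + 9);
    if (bnd[0] && depth >= MAX_NESTING) return NEST_ERR;   /* refuse instead of recursing */
    for (mark = *p; next_line(p, line, sizeof line); mark = *p) {
        if (is_delim(line, parent)) { *p = mark; break; }  /* leave it for the caller */
        if ((k = is_delim(line, bnd)) == 2) bnd[0] = '\0'; /* this multipart is closed */
        if (k == 1 && (r = walk(p, bnd, depth + 1)) == NEST_ERR) return NEST_ERR;
        if (k == 1 && r > deepest) deepest = r;
    }
    return deepest;
}

int nesting_of(int levels) {   /* constructed input: `levels` nested multiparts */
    static char msg[1 << 17];
    const char *p = msg;
    size_t o = 0;
    if (levels > 1000) levels = 1000;                      /* stay inside msg */
    for (int i = 0; i < levels; i++)
        o += snprintf(msg + o, sizeof msg - o, "Content-Type: multipart/mixed; boundary=L%d_\n\n--L%d_\n", i, i);
    o += snprintf(msg + o, sizeof msg - o, "Content-Type: text/plain\n\nhello\n");
    for (int i = levels; i-- > 0; )
        o += snprintf(msg + o, sizeof msg - o, "--L%d_--\n", i);
    return walk(&p, NULL, 0);
}
int main(void) { printf("3 -> %d, 1000 -> %d\n", nesting_of(3), nesting_of(1000)); return 0; }
```

Because the depth check runs before the recursive call, stack use is bounded by MAX_NESTING frames no matter how deeply the input is nested.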
Comment 1 Robert Scheck 2006-06-14 13:44:24 EDT
Created attachment 130888
Patch7: sendmail-8.13.7-pid.patch
Comment 2 Robert Scheck 2006-06-14 13:49:42 EDT
Created attachment 130893
Updated Patch7: sendmail-8.13.7-pid.patch (as partial fix of bug #176679)
Comment 3 Gilbert Sebenste 2006-06-16 23:37:10 EDT
We need to bump this to priority high. This is a security issue, for a
denial of service... and a general rule of thumb is if you can DOS it, you can
eventually hack it.
Comment 4 Robert Scheck 2006-06-17 07:19:55 EDT
No, we don't really need to. This bug was filed against Fedora Core devel (that
means Rawhide) which shouldn't be used on production machines anyway. For RHEL
this issue is already resolved by RHSA-2006:0515-01. But to make you happy...
Comment 5 Thomas Woerner 2006-06-19 12:30:03 EDT
Fixed in rawhide in rpm sendmail-8.13.7-1 or newer.
