Bug 202311 - CVE-2006-4434 - sendmail 8.13.8 is released
Summary: CVE-2006-4434 - sendmail 8.13.8 is released
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: sendmail
Version: rawhide
Hardware: All
OS: Linux
medium
urgent
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: David Lawrence
URL: http://www.sendmail.org/releases/8.13...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-08-12 16:48 UTC by Robert Scheck
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version: 8.13.8-1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-09-02 12:05:23 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Robert Scheck 2006-08-12 16:48:01 UTC 
Description of problem:
Sendmail, Inc., and the Sendmail Consortium announce the availability of 
sendmail 8.13.8. It fixes some problems introduced in 8.13.7, as well as
some other bugs.

Version-Release number of selected component (if applicable):
sendmail-8.13.7-3.1

Actual results:
A simple upgrade (new versions in the spec file) did it for me - without
any patch merging.

Expected results:
Upgrade to 8.13.8... ;-)

Additional info:
Resolving this bug report by upgrading should resolve bug #198099.
Comment 1 Robert Scheck 2006-08-29 17:33:01 UTC 
Okay...while doing nothing instead of my expected result, this bug now got
a security bug ;-) Secunia and FrSIRT are reporting possible DoS cases for 
sendmail < 8.13.8. Please update Rawhide to 8.13.8 soon...
Comment 2 Gilbert Sebenste 2006-08-29 18:01:06 UTC 
Here is the direct link to that FrSIRT advisory:

http://www.frsirt.com/english/advisories/2006/3393
Comment 3 Gilbert Sebenste 2006-08-29 18:09:30 UTC 
Here's the official links:

http://www.frsirt.com/english/advisories/2006/3393

Also just starting to get reports of possible DOS's from Secunia on
this vulnerability.

http://secunia.com/advisories/21637/
Comment 4 Robert Scheck 2006-09-02 12:05:23 UTC 
This bug is CVE-2006-4434. Fixed in Rawhide, closing now.
Note You need to log in before you can comment on or make changes to this bug.