Description of problem:
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced.

Version-Release number of selected component (if applicable):
8.13.7-2 and prior

How reproducible:
Always

Steps to Reproduce:
1. Use sendmail!
2. Attack using flaw
3.

Actual results:
Sendmail processes crash on DOS.

Expected results:
Sendmail shouldn't do that!

Additional info:
Patch is available at www.sendmail.org. This is in Rawhide now, but we need an update for FC4/FC5.

8.13.8 seems to be pushed out

Florian La Roche