Description
ELSA-2010-0237: sendmail security and bug fix update (LOW)
[8.13.8-8]
- rpm attributes S,5,T not recorded for statistics file
[8.13.8-7]
- fix specfile for passing rpm -V test (#555277)
[8.13.8-6.el5]
- fix verification of SSL certificate with NUL in name (#553618, CVE-2009-4565)
- do not accept localhost.localdomain as valid address from smtp (#449391)
- skip colon separator when parsing service name in ServiceSwitchFile (#512871)
- exit with non-zero error code when free space is low (#299951)
- fix -qG description in man page (#250552)
- fix comments in sendmail.mc to use correct certs path (#244012)
- add MTA to provides (#494408)
- fix %dist macro use (#440616)
- compile with -fno-strict-aliasing
- skip t-sem test as it doesn't allow parallel testing
Updated packages
Oracle Linux 5
Oracle Linux ia64
sendmail 8.13.8-8.el5
sendmail-cf 8.13.8-8.el5
sendmail-devel 8.13.8-8.el5
sendmail-doc 8.13.8-8.el5
Oracle Linux x86_64
sendmail 8.13.8-8.el5
sendmail-cf 8.13.8-8.el5
sendmail-devel 8.13.8-8.el5
sendmail-doc 8.13.8-8.el5
Oracle Linux i386
sendmail 8.13.8-8.el5
sendmail-cf 8.13.8-8.el5
sendmail-devel 8.13.8-8.el5
sendmail-doc 8.13.8-8.el5
Related CVEs
Related vulnerabilities
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.