SUSE-SU-2024:0742-1

Опубликовано: 01 мар. 2024

Источник: suse-cvrf

Описание

Security update for sendmail

This update for sendmail fixes the following issues:

CVE-2023-51765: Fixed new SMTP smuggling attack. (bsc#1218351)

Список пакетов

SUSE Linux Enterprise Module for Legacy 12

sendmail-8.14.9-4.9.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20240742-1/
Link for SUSE-SU-2024:0742-1
https://lists.suse.com/pipermail/sle-security-updates/2024-March/018087.html
E-Mail link for SUSE-SU-2024:0742-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1218351
SUSE Bug 1218351
https://www.suse.com/security/cve/CVE-2023-51765/
SUSE CVE CVE-2023-51765 page

Описание

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features.

Затронутые продукты

SUSE Linux Enterprise Module for Legacy 12:sendmail-8.14.9-4.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-51765.html
CVE-2023-51765
https://bugzilla.suse.com/1218351
SUSE Bug 1218351

SUSE-SU-2024:0742-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Legacy 12

Ссылки

Уязвимость: CVE-2023-51765

Описание

Затронутые продукты

Ссылки