Описание
Security update for sendmail
This update for sendmail fixes the following issues:
- CVE-2023-51765: Fixed new SMTP smuggling attack. (bsc#1218351)
Список пакетов
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
libmilter1_0-8.15.2-150000.8.12.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
libmilter1_0-8.15.2-150000.8.12.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
libmilter1_0-8.15.2-150000.8.12.1
SUSE Linux Enterprise Module for Package Hub 15 SP5
rmail-8.15.2-150000.8.12.1
openSUSE Leap 15.5
libmilter-doc-8.15.2-150000.8.12.1
libmilter1_0-8.15.2-150000.8.12.1
rmail-8.15.2-150000.8.12.1
sendmail-8.15.2-150000.8.12.1
sendmail-devel-8.15.2-150000.8.12.1
sendmail-starttls-8.15.2-150000.8.12.1
Ссылки
- Link for SUSE-SU-2024:0743-1
- E-Mail link for SUSE-SU-2024:0743-1
- SUSE Security Ratings
- SUSE Bug 1218351
- SUSE CVE CVE-2023-51765 page
Описание
sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features.
Затронутые продукты
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:libmilter1_0-8.15.2-150000.8.12.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:libmilter1_0-8.15.2-150000.8.12.1
SUSE Linux Enterprise Module for Basesystem 15 SP5:libmilter1_0-8.15.2-150000.8.12.1
SUSE Linux Enterprise Module for Package Hub 15 SP5:rmail-8.15.2-150000.8.12.1
Ссылки
- CVE-2023-51765
- SUSE Bug 1218351