[Security Announce] [ MDVSA-2010:003 ] sendmail

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2010:003
http://www.mandriva.com/security/
_______________________________________________________________________

Package : sendmail
Date : January 11, 2010
Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0

_______________________________________________________________________

 

Problem Description:

A security vulnerability has been identified and fixed in sendmail:

sendmail before 8.14.4 does not properly handle a '\0' (NUL)
character in a Common Name (CN) field of an X.509 certificate, which
(1) allows man-in-the-middle attackers to spoof arbitrary SSL-based
SMTP servers via a crafted server certificate issued by a legitimate
Certification Authority, and (2) allows remote attackers to bypass
intended access restrictions via a crafted client certificate issued by
a legitimate Certification Authority, a related issue to CVE-2009-2408
(CVE-2009-4565).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

This update provides a fix for this vulnerability.

_______________________________________________________________________

 

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4565
http://www.sendmail.org/releases/8.14.4

_______________________________________________________________________

 

Updated Packages:

 


 

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 


 

 
