Рекомендация Debian по безопасности
DSA-1164-1 sendmail -- ошибка программирования
- Дата сообщения:
- 31.08.2006
- Затронутые пакеты:
- sendmail
- Уязвим:
- Да
- Ссылки на базы данных по безопасности:
- В системе отслеживания ошибок Debian: Ошибка 385054.
В базе данных Bugtraq (на SecurityFocus): Идентификатор BugTraq 19714.
В каталоге Mitre CVE: CVE-2006-4434. - Более подробная информация:
-
В sendmail, альтернативном агенте пересылки почты для Debian, была обнаружена ошибка программирования, которая может позволить удалённому злоумышленнику аварийно завершить работы процесса sendmail путём отправки специально сформированного сообщения электронной почты.
Заметьте, что для установки данного обновления вам также следует обновить библиотеку libsasl2 из архива предлагаемых обновлений, что указано в DSA 1155-2.
В стабильном выпуске (sarge) эта проблема была исправлена в версии 8.13.3-3sarge3.
В нестабильном выпуске (sid) эта проблема была исправлена в версии 8.13.8-1.
Рекомендуется обновить пакет sendmail.
- Исправлено в:
-
Debian GNU/Linux 3.1 (sarge)
- Исходный код:
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge3.dsc
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge3.diff.gz
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge3.diff.gz
- Независимые от архитектуры компоненты:
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-base_8.13.4-3sarge3_all.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-cf_8.13.4-3sarge3_all.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.13.4-3sarge3_all.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge3_all.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-cf_8.13.4-3sarge3_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_alpha.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_alpha.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_alpha.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_alpha.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_alpha.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_amd64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_amd64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_amd64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_amd64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_amd64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_arm.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_arm.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_arm.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_arm.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_arm.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_arm.deb
- HPPA:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_hppa.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_hppa.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_hppa.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_hppa.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_hppa.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_i386.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_i386.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_i386.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_i386.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_i386.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_ia64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_ia64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_ia64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_ia64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_ia64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_ia64.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_m68k.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_m68k.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_m68k.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_m68k.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_m68k.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_mips.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_mips.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_mips.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_mips.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_mips.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_mipsel.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_mipsel.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_mipsel.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_mipsel.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_mipsel.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_powerpc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_powerpc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_powerpc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_powerpc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_powerpc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_s390.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_s390.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_s390.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_s390.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_s390.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_sparc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_sparc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_sparc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_sparc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_sparc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_sparc.deb
Контрольные суммы MD5 этих файлов доступны в исходном сообщении.