Updated sendmail packages that fix a security issue are now
The sendmail package provides A widely used Mail Transport Agent (MTA).
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64
3. Problem description:
A flaw in the handling of asynchronous signals was discovered in Sendmail.
A remote attacker may be able to exploit a race condition to execute
arbitrary code as root. The Common Vulnerabilities and Exposures project
assigned the name CVE-2006-0058 to this issue.
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
In order to correct this issue for RHL 7.3 users, it was necessary to upgrade
the version of Sendmail from 8.11 as originally shipped to Sendmail 8.12.11
with the addition of the security patch supplied by Sendmail Inc. This
erratum provides updated packages based on Sendmail 8.12 with a compatibility
mode enabled as provided by Red Hat for RHEL 2.1. After updating to these
packages, users should pay close attention to their sendmail logs to ensure
that the upgrade completed successfully.
In order to correct this issue for RHL 9 and FC1 users, it was necessary to
upgrade the version of Sendmail from 8.12.8 and 8.12.10 respectively to
8.12.11 with the addition of the security patch supplied by Sendmail Inc.
After updating to these packages, users should pay close attention to their
sendmail logs to ensure that the upgrade completed successfully.
For Fedora Core 3 users, the patch supplied by Sendmail Inc. applies cleanly
to the latest sendmail package previously released for Fedora Core 3.
Users updating to these packages are urged to review their sendmail.cf
file after updating.
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.