copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login





 

ESB-2006.0226 -- [RedHat] -- Critical: sendmail security update

Date: 23 March 2006
References: AL-2006.0020  ESB-2006.0227  

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                         ESB-2006.0226 -- [RedHat]
                    Critical: sendmail security update
                               23 March 2006

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           sendmail
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Desktop 4
                   Red Hat Enterprise Linux AS/ES/WS 4
                   Red Hat Desktop 3
                   Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Linux Advanced Workstation 2.1
                   Red Hat Enterprise Linux AS/ES/WS 2.1
Impact:            Execute Arbitrary Code/Commands
Access:            Remote/Unauthenticated
CVE Names:         CVE-2006-0058

Ref:               AL-2006.0020

Original Bulletin: https://rhn.redhat.com/errata/RHSA-2006-0265.html

Comment: Please note that there are two Red Hat bulletins included in this
         ESB - one for the 2.1 line and one for the 3 and 4 lines of Red
         Hat Linux.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Critical: sendmail security update
Advisory ID:       RHSA-2006:0265-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0265.html
Issue date:        2006-03-22
Updated on:        2006-03-22
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-0058
- - ---------------------------------------------------------------------

1. Summary:

Updated sendmail packages to fix a security issue are now available for Red
Hat Enterprise Linux 2.1.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

Sendmail is a Mail Transport Agent (MTA) used to send mail between machines.

A flaw in the handling of asynchronous signals was discovered in Sendmail.
A remote attacker may be able to exploit a race condition to execute
arbitrary code as root.  The Common Vulnerabilities and Exposures project
assigned the name CVE-2006-0058 to this issue.

By default on Red Hat Enterprise Linux 2.1, Sendmail is configured to only
accept connections from the local host.  Therefore only users who have
configured Sendmail to listen to remote hosts would be able to be remotely
exploited by this vulnerability.

In order to correct this issue for Red Hat Enterprise Linux 2.1 users, it
was necessary to upgrade the version of Sendmail from 8.11 as originally
shipped to Sendmail 8.12 with the addition of the security patch supplied
by Sendmail Inc.  This erratum provides updated packages based on Sendmail
8.12 with a compatibility mode enabled.  After updating to these packages,
users should pay close attention to their sendmail logs to ensure that the
upgrade completed sucessfully.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

184465 - CVE-2006-0058  Sendmail race condition issue


6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/sendmail-8.12.11-4.21AS.8.src.rpm
f5abfd6edcababd2bab542f836950d16  sendmail-8.12.11-4.21AS.8.src.rpm

i386:
aaf362f3da9cfbeac698bd0cae38849a  sendmail-8.12.11-4.21AS.8.i386.rpm
edf605382c1edceeb3520494ef1defa4  sendmail-cf-8.12.11-4.21AS.8.i386.rpm
f410e2be904b29607c8b57c598d6e86a  sendmail-devel-8.12.11-4.21AS.8.i386.rpm
7920ac760db2f52d85c942817b0a1a84  sendmail-doc-8.12.11-4.21AS.8.i386.rpm

ia64:
87d8a88331ca8d816d779129033a2545  sendmail-8.12.11-4.21AS.8.ia64.rpm
7c1f0fbd3490bf7007115c19aa320a79  sendmail-cf-8.12.11-4.21AS.8.ia64.rpm
7fd463f112b365cb9d8b63eebaa67718  sendmail-devel-8.12.11-4.21AS.8.ia64.rpm
4d6b4f4cccb65dad389887ea6d974181  sendmail-doc-8.12.11-4.21AS.8.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/sendmail-8.12.11-4.21AS.8.src.rpm
f5abfd6edcababd2bab542f836950d16  sendmail-8.12.11-4.21AS.8.src.rpm

ia64:
87d8a88331ca8d816d779129033a2545  sendmail-8.12.11-4.21AS.8.ia64.rpm
7c1f0fbd3490bf7007115c19aa320a79  sendmail-cf-8.12.11-4.21AS.8.ia64.rpm
7fd463f112b365cb9d8b63eebaa67718  sendmail-devel-8.12.11-4.21AS.8.ia64.rpm
4d6b4f4cccb65dad389887ea6d974181  sendmail-doc-8.12.11-4.21AS.8.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/sendmail-8.12.11-4.21AS.8.src.rpm
f5abfd6edcababd2bab542f836950d16  sendmail-8.12.11-4.21AS.8.src.rpm

i386:
aaf362f3da9cfbeac698bd0cae38849a  sendmail-8.12.11-4.21AS.8.i386.rpm
edf605382c1edceeb3520494ef1defa4  sendmail-cf-8.12.11-4.21AS.8.i386.rpm
f410e2be904b29607c8b57c598d6e86a  sendmail-devel-8.12.11-4.21AS.8.i386.rpm
7920ac760db2f52d85c942817b0a1a84  sendmail-doc-8.12.11-4.21AS.8.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/sendmail-8.12.11-4.21AS.8.src.rpm
f5abfd6edcababd2bab542f836950d16  sendmail-8.12.11-4.21AS.8.src.rpm

i386:
aaf362f3da9cfbeac698bd0cae38849a  sendmail-8.12.11-4.21AS.8.i386.rpm
edf605382c1edceeb3520494ef1defa4  sendmail-cf-8.12.11-4.21AS.8.i386.rpm
f410e2be904b29607c8b57c598d6e86a  sendmail-devel-8.12.11-4.21AS.8.i386.rpm
7920ac760db2f52d85c942817b0a1a84  sendmail-doc-8.12.11-4.21AS.8.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.kb.cert.org/vuls/id/834865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEIXjlXlSAg2UNWIIRAhRuAJ9csgzboVXDo8RWQHCufu5EubSTcACdF3gF
7BwYoPLST/+CwCmbyDkvbt0=
=GcVT
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Critical: sendmail security update
Advisory ID:       RHSA-2006:0264-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0264.html
Issue date:        2006-03-22
Updated on:        2006-03-22
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-0058
- - ---------------------------------------------------------------------

1. Summary:

Updated sendmail packages to fix a security issue are now available for Red
Hat Enterprise Linux 3 and 4.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Sendmail is a Mail Transport Agent (MTA) used to send mail between machines.

A flaw in the handling of asynchronous signals was discovered in Sendmail.
A remote attacker may be able to exploit a race condition to execute
arbitrary code as root.  The Common Vulnerabilities and Exposures project
assigned the name CVE-2006-0058 to this issue.

By default on Red Hat Enterprise Linux 3 and 4, Sendmail is configured to
only accept connections from the local host.  Therefore, only users who have
configured Sendmail to listen to remote hosts would be able to be remotely
exploited by this vulnerability.

Users of Sendmail are advised to upgrade to these erratum packages, which
contain a backported patch from the Sendmail team to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

184465 - CVE-2006-0058  Sendmail race condition issue


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/sendmail-8.12.11-4.RHEL3.4.src.rpm
7d2875e6d9a3b4ddfa54e3be67888070  sendmail-8.12.11-4.RHEL3.4.src.rpm

i386:
944e64db10b061dff22a10117c7f4a31  sendmail-8.12.11-4.RHEL3.4.i386.rpm
c8fc53343bff73624542b4ea77c2b565  sendmail-cf-8.12.11-4.RHEL3.4.i386.rpm
090525584bce022b9e04bafbefb9d71a  sendmail-devel-8.12.11-4.RHEL3.4.i386.rpm
c3ea9cb0ab86047422d58447e93415fb  sendmail-doc-8.12.11-4.RHEL3.4.i386.rpm

ia64:
bc6715fefbd6bd9349b8116a13127d6b  sendmail-8.12.11-4.RHEL3.4.ia64.rpm
beb6de13a56f2fffdfed69ae7a050137  sendmail-cf-8.12.11-4.RHEL3.4.ia64.rpm
2ad6d475f92907b535b175a10572c897  sendmail-devel-8.12.11-4.RHEL3.4.ia64.rpm
231ea97fa236e429ecc6f7734f950025  sendmail-doc-8.12.11-4.RHEL3.4.ia64.rpm

ppc:
e548c09d3101ee937fa900dee199c207  sendmail-8.12.11-4.RHEL3.4.ppc.rpm
d4e14142aa623898b6a978e7658f036a  sendmail-cf-8.12.11-4.RHEL3.4.ppc.rpm
813ba2da17685d2923796826d0720735  sendmail-devel-8.12.11-4.RHEL3.4.ppc.rpm
2dc1c320d39a5733d7e2594a38d2c681  sendmail-doc-8.12.11-4.RHEL3.4.ppc.rpm

s390:
28995c615c097f06b93566bcf7e7e620  sendmail-8.12.11-4.RHEL3.4.s390.rpm
f9f3328d6170be64beaa4f1f43cca5a4  sendmail-cf-8.12.11-4.RHEL3.4.s390.rpm
6d28c9d70fb26c3ae7916f4c20937095  sendmail-devel-8.12.11-4.RHEL3.4.s390.rpm
1f16f02650a63249180b285e98fca603  sendmail-doc-8.12.11-4.RHEL3.4.s390.rpm

s390x:
4ef7001ea500dc64f7f14d42e5ef419b  sendmail-8.12.11-4.RHEL3.4.s390x.rpm
f6607a113c0efa597fdea8926c060436  sendmail-cf-8.12.11-4.RHEL3.4.s390x.rpm
65122cedf0c82b7491fcaa30bf135f63  sendmail-devel-8.12.11-4.RHEL3.4.s390x.rpm
9df7ab571f5ad111db83bf403d58ef88  sendmail-doc-8.12.11-4.RHEL3.4.s390x.rpm

x86_64:
33764d084b7cfbb9687ec3a55f6e466c  sendmail-8.12.11-4.RHEL3.4.x86_64.rpm
ea1690edc3270c917b63c10b3c2b47a3  sendmail-cf-8.12.11-4.RHEL3.4.x86_64.rpm
0a5290a0b2b2c96558fa120120eb316d  sendmail-devel-8.12.11-4.RHEL3.4.x86_64.rpm
48a4b96f92aea23a54b7e2740dcc8f87  sendmail-doc-8.12.11-4.RHEL3.4.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/sendmail-8.12.11-4.RHEL3.4.src.rpm
7d2875e6d9a3b4ddfa54e3be67888070  sendmail-8.12.11-4.RHEL3.4.src.rpm

i386:
944e64db10b061dff22a10117c7f4a31  sendmail-8.12.11-4.RHEL3.4.i386.rpm
c8fc53343bff73624542b4ea77c2b565  sendmail-cf-8.12.11-4.RHEL3.4.i386.rpm
090525584bce022b9e04bafbefb9d71a  sendmail-devel-8.12.11-4.RHEL3.4.i386.rpm
c3ea9cb0ab86047422d58447e93415fb  sendmail-doc-8.12.11-4.RHEL3.4.i386.rpm

x86_64:
33764d084b7cfbb9687ec3a55f6e466c  sendmail-8.12.11-4.RHEL3.4.x86_64.rpm
ea1690edc3270c917b63c10b3c2b47a3  sendmail-cf-8.12.11-4.RHEL3.4.x86_64.rpm
0a5290a0b2b2c96558fa120120eb316d  sendmail-devel-8.12.11-4.RHEL3.4.x86_64.rpm
48a4b96f92aea23a54b7e2740dcc8f87  sendmail-doc-8.12.11-4.RHEL3.4.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/sendmail-8.12.11-4.RHEL3.4.src.rpm
7d2875e6d9a3b4ddfa54e3be67888070  sendmail-8.12.11-4.RHEL3.4.src.rpm

i386:
944e64db10b061dff22a10117c7f4a31  sendmail-8.12.11-4.RHEL3.4.i386.rpm
c8fc53343bff73624542b4ea77c2b565  sendmail-cf-8.12.11-4.RHEL3.4.i386.rpm
090525584bce022b9e04bafbefb9d71a  sendmail-devel-8.12.11-4.RHEL3.4.i386.rpm
c3ea9cb0ab86047422d58447e93415fb  sendmail-doc-8.12.11-4.RHEL3.4.i386.rpm

ia64:
bc6715fefbd6bd9349b8116a13127d6b  sendmail-8.12.11-4.RHEL3.4.ia64.rpm
beb6de13a56f2fffdfed69ae7a050137  sendmail-cf-8.12.11-4.RHEL3.4.ia64.rpm
2ad6d475f92907b535b175a10572c897  sendmail-devel-8.12.11-4.RHEL3.4.ia64.rpm
231ea97fa236e429ecc6f7734f950025  sendmail-doc-8.12.11-4.RHEL3.4.ia64.rpm

x86_64:
33764d084b7cfbb9687ec3a55f6e466c  sendmail-8.12.11-4.RHEL3.4.x86_64.rpm
ea1690edc3270c917b63c10b3c2b47a3  sendmail-cf-8.12.11-4.RHEL3.4.x86_64.rpm
0a5290a0b2b2c96558fa120120eb316d  sendmail-devel-8.12.11-4.RHEL3.4.x86_64.rpm
48a4b96f92aea23a54b7e2740dcc8f87  sendmail-doc-8.12.11-4.RHEL3.4.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/sendmail-8.12.11-4.RHEL3.4.src.rpm
7d2875e6d9a3b4ddfa54e3be67888070  sendmail-8.12.11-4.RHEL3.4.src.rpm

i386:
944e64db10b061dff22a10117c7f4a31  sendmail-8.12.11-4.RHEL3.4.i386.rpm
c8fc53343bff73624542b4ea77c2b565  sendmail-cf-8.12.11-4.RHEL3.4.i386.rpm
090525584bce022b9e04bafbefb9d71a  sendmail-devel-8.12.11-4.RHEL3.4.i386.rpm
c3ea9cb0ab86047422d58447e93415fb  sendmail-doc-8.12.11-4.RHEL3.4.i386.rpm

ia64:
bc6715fefbd6bd9349b8116a13127d6b  sendmail-8.12.11-4.RHEL3.4.ia64.rpm
beb6de13a56f2fffdfed69ae7a050137  sendmail-cf-8.12.11-4.RHEL3.4.ia64.rpm
2ad6d475f92907b535b175a10572c897  sendmail-devel-8.12.11-4.RHEL3.4.ia64.rpm
231ea97fa236e429ecc6f7734f950025  sendmail-doc-8.12.11-4.RHEL3.4.ia64.rpm

x86_64:
33764d084b7cfbb9687ec3a55f6e466c  sendmail-8.12.11-4.RHEL3.4.x86_64.rpm
ea1690edc3270c917b63c10b3c2b47a3  sendmail-cf-8.12.11-4.RHEL3.4.x86_64.rpm
0a5290a0b2b2c96558fa120120eb316d  sendmail-devel-8.12.11-4.RHEL3.4.x86_64.rpm
48a4b96f92aea23a54b7e2740dcc8f87  sendmail-doc-8.12.11-4.RHEL3.4.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/sendmail-8.13.1-3.RHEL4.3.src.rpm
e83dd254437bf7d4415a6be12c7a58da  sendmail-8.13.1-3.RHEL4.3.src.rpm

i386:
fba1a601a1ab106f67b22030ad090c28  sendmail-8.13.1-3.RHEL4.3.i386.rpm
8ed398a86f127e08ee31b19f14deafc4  sendmail-cf-8.13.1-3.RHEL4.3.i386.rpm
dade78569735970629e880969892b9f3  sendmail-devel-8.13.1-3.RHEL4.3.i386.rpm
3e656f2c678aa19f32eaad782abada8a  sendmail-doc-8.13.1-3.RHEL4.3.i386.rpm

ia64:
7b366e3fbfab8ce2a4cabff56c5dae2b  sendmail-8.13.1-3.RHEL4.3.ia64.rpm
4d2625fc1981329a7a348b360c9c2209  sendmail-cf-8.13.1-3.RHEL4.3.ia64.rpm
23e84e296ce17c5a18d2dd8ed3189d7e  sendmail-devel-8.13.1-3.RHEL4.3.ia64.rpm
5d4ca9a18cc0cd9148679fc8e4b9b339  sendmail-doc-8.13.1-3.RHEL4.3.ia64.rpm

ppc:
5d46ed345d357e23637ee93538c9bf6c  sendmail-8.13.1-3.RHEL4.3.ppc.rpm
94419ba6a9ca2b2c5fd6c270e27a0c0a  sendmail-cf-8.13.1-3.RHEL4.3.ppc.rpm
605283ccb19d98bc52c28455c4cb33ef  sendmail-devel-8.13.1-3.RHEL4.3.ppc.rpm
f94dff61d5f788c40a6da60bc54f35fd  sendmail-doc-8.13.1-3.RHEL4.3.ppc.rpm

s390:
c4a8cae7959a00d193e839219c451ccf  sendmail-8.13.1-3.RHEL4.3.s390.rpm
de299b0e3f4fd221c13ae2112a1cc8db  sendmail-cf-8.13.1-3.RHEL4.3.s390.rpm
af0b3dd5a26d1c2c375b9aa83bce4d66  sendmail-devel-8.13.1-3.RHEL4.3.s390.rpm
4839491332c2ff2fff4316655e3004b4  sendmail-doc-8.13.1-3.RHEL4.3.s390.rpm

s390x:
035e31b624879ea90785783a4565b91e  sendmail-8.13.1-3.RHEL4.3.s390x.rpm
a435f54801fe106550537e35078c115e  sendmail-cf-8.13.1-3.RHEL4.3.s390x.rpm
585b0b0c27f4fb729c31037f0887c375  sendmail-devel-8.13.1-3.RHEL4.3.s390x.rpm
8ba7aabd895330273240c1bcdbe295a8  sendmail-doc-8.13.1-3.RHEL4.3.s390x.rpm

x86_64:
798fc57962c9588440de9556f06fe3ab  sendmail-8.13.1-3.RHEL4.3.x86_64.rpm
126a565b097fcf2d48b94e735686d083  sendmail-cf-8.13.1-3.RHEL4.3.x86_64.rpm
8d60a35991c05a6fe959a529ade0959c  sendmail-devel-8.13.1-3.RHEL4.3.x86_64.rpm
0bcbe2d9682b2505c439650f693a0b6c  sendmail-doc-8.13.1-3.RHEL4.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/sendmail-8.13.1-3.RHEL4.3.src.rpm
e83dd254437bf7d4415a6be12c7a58da  sendmail-8.13.1-3.RHEL4.3.src.rpm

i386:
fba1a601a1ab106f67b22030ad090c28  sendmail-8.13.1-3.RHEL4.3.i386.rpm
8ed398a86f127e08ee31b19f14deafc4  sendmail-cf-8.13.1-3.RHEL4.3.i386.rpm
dade78569735970629e880969892b9f3  sendmail-devel-8.13.1-3.RHEL4.3.i386.rpm
3e656f2c678aa19f32eaad782abada8a  sendmail-doc-8.13.1-3.RHEL4.3.i386.rpm

x86_64:
798fc57962c9588440de9556f06fe3ab  sendmail-8.13.1-3.RHEL4.3.x86_64.rpm
126a565b097fcf2d48b94e735686d083  sendmail-cf-8.13.1-3.RHEL4.3.x86_64.rpm
8d60a35991c05a6fe959a529ade0959c  sendmail-devel-8.13.1-3.RHEL4.3.x86_64.rpm
0bcbe2d9682b2505c439650f693a0b6c  sendmail-doc-8.13.1-3.RHEL4.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/sendmail-8.13.1-3.RHEL4.3.src.rpm
e83dd254437bf7d4415a6be12c7a58da  sendmail-8.13.1-3.RHEL4.3.src.rpm

i386:
fba1a601a1ab106f67b22030ad090c28  sendmail-8.13.1-3.RHEL4.3.i386.rpm
8ed398a86f127e08ee31b19f14deafc4  sendmail-cf-8.13.1-3.RHEL4.3.i386.rpm
dade78569735970629e880969892b9f3  sendmail-devel-8.13.1-3.RHEL4.3.i386.rpm
3e656f2c678aa19f32eaad782abada8a  sendmail-doc-8.13.1-3.RHEL4.3.i386.rpm

ia64:
7b366e3fbfab8ce2a4cabff56c5dae2b  sendmail-8.13.1-3.RHEL4.3.ia64.rpm
4d2625fc1981329a7a348b360c9c2209  sendmail-cf-8.13.1-3.RHEL4.3.ia64.rpm
23e84e296ce17c5a18d2dd8ed3189d7e  sendmail-devel-8.13.1-3.RHEL4.3.ia64.rpm
5d4ca9a18cc0cd9148679fc8e4b9b339  sendmail-doc-8.13.1-3.RHEL4.3.ia64.rpm

x86_64:
798fc57962c9588440de9556f06fe3ab  sendmail-8.13.1-3.RHEL4.3.x86_64.rpm
126a565b097fcf2d48b94e735686d083  sendmail-cf-8.13.1-3.RHEL4.3.x86_64.rpm
8d60a35991c05a6fe959a529ade0959c  sendmail-devel-8.13.1-3.RHEL4.3.x86_64.rpm
0bcbe2d9682b2505c439650f693a0b6c  sendmail-doc-8.13.1-3.RHEL4.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/sendmail-8.13.1-3.RHEL4.3.src.rpm
e83dd254437bf7d4415a6be12c7a58da  sendmail-8.13.1-3.RHEL4.3.src.rpm

i386:
fba1a601a1ab106f67b22030ad090c28  sendmail-8.13.1-3.RHEL4.3.i386.rpm
8ed398a86f127e08ee31b19f14deafc4  sendmail-cf-8.13.1-3.RHEL4.3.i386.rpm
dade78569735970629e880969892b9f3  sendmail-devel-8.13.1-3.RHEL4.3.i386.rpm
3e656f2c678aa19f32eaad782abada8a  sendmail-doc-8.13.1-3.RHEL4.3.i386.rpm

ia64:
7b366e3fbfab8ce2a4cabff56c5dae2b  sendmail-8.13.1-3.RHEL4.3.ia64.rpm
4d2625fc1981329a7a348b360c9c2209  sendmail-cf-8.13.1-3.RHEL4.3.ia64.rpm
23e84e296ce17c5a18d2dd8ed3189d7e  sendmail-devel-8.13.1-3.RHEL4.3.ia64.rpm
5d4ca9a18cc0cd9148679fc8e4b9b339  sendmail-doc-8.13.1-3.RHEL4.3.ia64.rpm

x86_64:
798fc57962c9588440de9556f06fe3ab  sendmail-8.13.1-3.RHEL4.3.x86_64.rpm
126a565b097fcf2d48b94e735686d083  sendmail-cf-8.13.1-3.RHEL4.3.x86_64.rpm
8d60a35991c05a6fe959a529ade0959c  sendmail-devel-8.13.1-3.RHEL4.3.x86_64.rpm
0bcbe2d9682b2505c439650f693a0b6c  sendmail-doc-8.13.1-3.RHEL4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.kb.cert.org/vuls/id/834865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEIXjDXlSAg2UNWIIRAg2SAJ90YhR0H8+1YtVFl3/ul/zxclypYACeK5db
l6zmqM3K34PhxzKPhn+AniY=
=SWob
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRCH6Dyh9+71yA2DNAQK2XQP8DKLPNSHzmtZmKPMwiN/QFp74e/FAWBSf
Ab5fPN7fh+j0zLugk4fADQ7i2jOGH+twd1XStYTM6CBx7ca6tv9qxLyM+QIb1bR7
enJxXWWjU1SXEOQgKps5e5jF/7TIPXwmVKAA+s4PXTj81sUL/Lm45eV+2EF8vCg6
TkXGtKvtuk4=
=9FLC
-----END PGP SIGNATURE-----