Bulletin d'alerte Debian
DSA-1155-2 sendmail -- Erreur de programmation
- Date du rapport :
- 24 août 2006
- Paquets concernés :
- sendmail
- Vulnérabilité :
- Oui
- Références dans la base de données de sécurité :
- Dans le système de suivi des bogues Debian : Bogue 373801, Bogue 380258.
Dans la base de données de suivi des bogues (chez SecurityFocus) : Identifiant BugTraq 18433.
Dans le dictionnaire CVE du Mitre : CVE-2006-1173.
Les annonces de vulnérabilité et les bulletins d'alerte du CERT : VU#146718. - Plus de précisions :
-
Il est apparu que le paquet binaire sendmail dépendait de libsasl2 (>= 2.1.19.dfsg1) qui n'est disponible ni dans l'archive stable ni dans celle de sécurité. Il est prévu d'incorporer cette version dans la prochaine mise à jour de la version stable cependant.
Vous devrez télécharger le fichier référencé pour votre architecture ci-dessous et l'installer avec la commande dpkg -i.
Comme alternative, l'ajout temporaire de la ligne suivant à /etc/apt/sources.list palliera au problème également :
deb http://ftp.debian.de/debian stable-proposed-updates mainAfin d'être complet, voici le bulletin d'alerte initial :
Frank Sheiness a découvert qu'une routine de conversion MIME de sendmail, un agent de transport de courriels puissant, efficace et modulable, pourrait être trompée par un courriel réalisé spécialement pour engendrer une récursion sans fin.
Pour la distribution stable (Sarge), ce problème a été corrigé dans la version 8.13.4-3sarge2.
Pour la distribution instable (Sid), ce problème a été corrigé dans la version 8.13.7-1.
Nous vous recommandons de mettre à jour votre paquet sendmail.
- Corrigé dans :
-
Debian GNU/Linux 3.1 (sarge)
- Source :
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge2.dsc
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge2.diff.gz
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4.orig.tar.gz
- http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.dfsg1-0sarge2.dsc
- http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.dfsg1-0sarge2.diff.gz
- http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.dfsg1.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge2.diff.gz
- Composant indépendant de l'architecture :
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-base_8.13.4-3sarge2_all.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-cf_8.13.4-3sarge2_all.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.13.4-3sarge2_all.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge2_all.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-cf_8.13.4-3sarge2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_alpha.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_alpha.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_alpha.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_alpha.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_alpha.deb
- http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_alpha.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_amd64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_arm.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_arm.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_arm.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_arm.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_arm.deb
- http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_arm.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_i386.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_i386.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_i386.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_i386.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_i386.deb
- http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_i386.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_ia64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_ia64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_ia64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_ia64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_ia64.deb
- http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_ia64.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_hppa.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_hppa.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_hppa.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_hppa.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_hppa.deb
- http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_hppa.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_m68k.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_m68k.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_m68k.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_m68k.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_m68k.deb
- http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_m68k.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_mips.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_mips.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_mips.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_mips.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_mips.deb
- http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_mips.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_mipsel.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_mipsel.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_mipsel.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_mipsel.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_mipsel.deb
- http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_mipsel.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_powerpc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_powerpc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_powerpc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_powerpc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_powerpc.deb
- http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_powerpc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_s390.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_s390.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_s390.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_s390.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_s390.deb
- http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_s390.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_sparc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_sparc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_sparc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_sparc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_sparc.deb
- http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_sparc.deb
- http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_sparc.deb
Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.
Les sommes MD5 des fichiers indiqués sont disponibles dans la nouvelle annonce de sécurité.