[Bug 1164084] New: Sendmail upstream security bug report
http://bugzilla.suse.com/show_bug.cgi?id=1164084 Bug ID: 1164084 Summary: Sendmail upstream security bug report Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: All OS: openSUSE Factory Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening@forge.provo.novell.com Reporter: werner@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- - Add upstream patch 8.15.2.mci.p0 * If sendmail tried to reuse an SMTP session which had already been closed by the server, then the connection cache could have invalid information about the session. One possible consequence was that STARTTLS was not used even if offered. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1164084 Dr. Werner Fink <werner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |werner@suse.com Assignee|bnc-team-screening@forge.pr |security-team@suse.de |ovo.novell.com | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1164084 Dr. Werner Fink <werner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |Zsolt.Kalmar@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1164084 http://bugzilla.suse.com/show_bug.cgi?id=1164084#c1 --- Comment #1 from Dr. Werner Fink <werner@suse.com> --- SR#211575 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1164084 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Sendmail upstream security |VUL-0: sendmail: Sendmail |bug report |upstream security bug | |report -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1164084 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1164084 Maintenance Robot <maint-coord+maintenance_robot@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1164084 http://bugzilla.suse.com/show_bug.cgi?id=1164084#c3 Alexander Bergmann <abergmann@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |abergmann@suse.com --- Comment #3 from Alexander Bergmann <abergmann@suse.com> --- References: https://bugzilla.redhat.com/show_bug.cgi?id=1313508 https://ftp.sendmail.org/8.15.2.mci.p0 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1164084 http://bugzilla.suse.com/show_bug.cgi?id=1164084#c4 --- Comment #4 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2020:0567-1: An update that has one recommended fix can now be installed. Category: recommended (moderate) Bug References: 1164084 CVE References: Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): sendmail-8.15.2-8.6.1 SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): sendmail-8.15.2-8.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1164084 http://bugzilla.suse.com/show_bug.cgi?id=1164084#c5 --- Comment #5 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-RU-2020:0315-1: An update that has one recommended fix can now be installed. Category: recommended (moderate) Bug References: 1164084 CVE References: Sources used: openSUSE Leap 15.1 (src): sendmail-8.15.2-lp151.7.7.1 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1164084 https://bugzilla.suse.com/show_bug.cgi?id=1164084#c6 --- Comment #6 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2020:0567-2: An update that has one recommended fix can now be installed. Category: recommended (moderate) Bug References: 1164084 CVE References: Sources used: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src): sendmail-8.15.2-8.6.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src): sendmail-8.15.2-8.6.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): sendmail-8.15.2-8.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1164084 Hu <cathy.hu@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cathy.hu@suse.com Assignee|security-team@suse.de |werner@suse.com OS|openSUSE Factory |All -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1164084 https://bugzilla.suse.com/show_bug.cgi?id=1164084#c11 --- Comment #11 from Marcus Meissner <meissner@suse.com> --- Created attachment 861584 --> https://bugzilla.suse.com/attachment.cgi?id=861584&action=edit sendmail-fix-bsc1164084.patch patch backported for SLE12 sendmail. Compile tested only. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1164084 https://bugzilla.suse.com/show_bug.cgi?id=1164084#c12 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #861584|0 |1 is obsolete| | --- Comment #12 from Marcus Meissner <meissner@suse.com> --- Created attachment 861585 --> https://bugzilla.suse.com/attachment.cgi?id=861585&action=edit sendmail-fix-bsc1164084.patch sendmail-fix-bsc1164084.patch (updated , 1 implicit fixed) -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1164084 https://bugzilla.suse.com/show_bug.cgi?id=1164084#c13 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(meissner@suse.com | |) | --- Comment #13 from Marcus Meissner <meissner@suse.com> --- Created attachment 861587 --> https://bugzilla.suse.com/attachment.cgi?id=861587&action=edit sendmail-fix-bsc1164084-sle11.patch sle11-sp1 sendmail patch. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1164084 https://bugzilla.suse.com/show_bug.cgi?id=1164084#c17 --- Comment #17 from Swamp Workflow Management <swamp@suse.de> --- SUSE-SU-2022:3529-1: An update that contains security fixes can now be installed. Category: security (important) Bug References: 1164084 CVE References: JIRA References: Sources used: SUSE Linux Enterprise Module for Legacy Software 12 (src): sendmail-8.14.9-4.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1164084 https://bugzilla.suse.com/show_bug.cgi?id=1164084#c19 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(cathy.hu@suse.com | |), | |needinfo?(meissner@suse.com | |) | --- Comment #19 from Marcus Meissner <meissner@suse.com> --- . -- You are receiving this mail because: You are on the CC list for the bug.
participants (2)
-
bugzilla_noreply@novell.com -
bugzilla_noreply@suse.com