Advisories » MGASA-2014-0270

Updated sendmail packages fix CVE-2014-3956

Publication date: 20 Jun 2014
Modification date: 20 Jun 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3956

Description

Updated sendmail packages fix security vulnerability:

Sendmail before 8.14.9 does not properly closing file descriptors before
executing programs. This bug could enable local users to interfere with
an open SMTP connection if they can execute their own program for mail
delivery (e.g., via procmail or the prog mailer) (CVE-2014-3956).
                

References

• https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134349.html
• https://bugs.mageia.org/show_bug.cgi?id=13431
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3956

SRPMS

4/core

• sendmail-8.14.7-3.1.mga4

3/core

• sendmail-8.14.6-2.1.mga3