The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Sendmail: denial of service via a MIME message

Synthesis of the vulnerability 

An attacker can create an email containing deeply nested MIME in order to exhaust memory space of process.
Vulnerable systems: Debian, Fedora, FreeBSD, Tru64 UNIX, HP-UX, AIX, Mandriva Linux, Mandriva NF, NetBSD, OpenBSD, openSUSE, Solaris, Trusted Solaris, RHEL, RedHat Linux, Sendmail, Slackware, SLES, TurboLinux.
Severity of this threat: 3/4.
Creation date: 15/06/2006.
Références of this weakness: 102460, 20060601-01-P, 20060602-01-U, 373801, 380258, 6424201, BID-18433, c00680632, c00692635, CERTA-2006-AVI-246, CERTA-2006-AVI-336, CVE-2006-1173, DSA-1155-1, DSA-1155-2, DUXKIT1000636-V40FB22-ES-20060519, FEDORA-2006-836, FEDORA-2006-837, FLSA-2006:195418, FreeBSD-SA-06:17.sendmail, HPSBTU02116, HPSBUX02124, MDKSA-2006:104, NetBSD-SA2006-017, RHSA-2006:051, RHSA-2006:0515-01, SA-200605-01, SSA:2006-166-01, SSRT061135, SSRT061159, SUSE-SA:2006:032, T64V51AB-IX-631-SENDMAIL-SSRT-061135, TLSA-2006-9, VIGILANCE-VUL-5924, VU#146718.

Description of the vulnerability 

An email can contain several parts separated by MIME headers. Each part can also contain data encapsulated with MIME headers.

When Sendmail has to transfer an email to a MTA server which does not support binary data on 8 bit, message is converted to 7 bit using mime8to7() function. Each time this function is called, an important stack memory area is used.

When the mail to transfer contains deeply nested MIME, the mime8to7() function can use all available stack area. The process then stops and a core dump is eventually generated.

The main Sendmail process is not stopped, but when the bad email is in the queue, following emails are not transmitted. Moreover, core dumps can fill the disk.

An attacker can therefore create a malicious email to disturb Sendmail and saturate computer, but without fully stopping the service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This weakness alert impacts software or systems such as Debian, Fedora, FreeBSD, Tru64 UNIX, HP-UX, AIX, Mandriva Linux, Mandriva NF, NetBSD, OpenBSD, openSUSE, Solaris, Trusted Solaris, RHEL, RedHat Linux, Sendmail, Slackware, SLES, TurboLinux.

Our Vigil@nce team determined that the severity of this computer vulnerability note is important.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this security bulletin.

Solutions for this threat 

Sendmail: version 8.13.7 and workarounds.
Version 8.13.7 is corrected:
  ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.gz
  ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.gz.sig
  ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.Z
  ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.7.tar.Z.sig
A workaround is to not generate core dumps, or to unlimit the stack size (requires bigger messages which will be blocked by MaxMessageSize) :
 - sh, bash, ksh:
    ulimit -s unlimited ()
    ulimit -c 0
 - csh, tcsh, zsh
    limit stacksize unlimited
    limit coredumpsize 0
A workaround is to use ForkEachJob or QueueSortOrder to not block queue.
A filter is also available:
  https://www.sendmail.com/cfusion/CFIDE/kb_doc.cfm?kb_id=S10808

AIX: APAR for APAR.
An APAR will be available:
  AIX 5.2.0: IY85930 (23/08/2006)
  AIX 5.3.0: IY85415 (09/08/2006)
A fix is proposed:
  ftp://aix.software.ibm.com/aix/efixes/security/sendmail_vu146718.tar.Z

Debian: new sendmail packages.
New packages are available (they depend on libsasl2 >= 2.1.19.dfsg1):
  AMD64 architecture:
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_amd64.deb
      Size/MD5 checksum: 296580 dbb1c9930fdd39d78f00165ab3bd4103
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_amd64.deb
      Size/MD5 checksum: 213218 5bf6afa8b44b7a85a639809c82294635
    http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_amd64.deb
      Size/MD5 checksum: 225286 f0eb29825d98fae3ae47aca60cc25d59
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_amd64.deb
      Size/MD5 checksum: 851166 2ab733eb6108e0cb75f461ee855f602a
    http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_amd64.deb
      Size/MD5 checksum: 197680 edb148b36ded61b6bd0615d120508605
  Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_i386.deb
      Size/MD5 checksum: 287210 b0906f03f7965d82207c9510cafb6bca
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_i386.deb
      Size/MD5 checksum: 211614 1b239843c9a627900d62208144c4425c
    http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_i386.deb
      Size/MD5 checksum: 222384 101b1290a634f1f3b0fbe385fa3f00ea
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_i386.deb
      Size/MD5 checksum: 812502 f4533171ad66b3d3bb5e3457b8f072eb
    http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_i386.deb
      Size/MD5 checksum: 197280 bb50d3704bcd94d8fc391dd2b6bf4a89
  Intel IA-64 architecture:
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_ia64.deb
      Size/MD5 checksum: 330728 ce5076cdb2b4d6841697f8441b903c4b
    http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_ia64.deb
      Size/MD5 checksum: 220454 1bf7b131f12c5efedf329a8c606a6905
    http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_ia64.deb
      Size/MD5 checksum: 239680 702d539a34fd1b1316fedda55b7e5ae1
    http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_ia64.deb
      Size/MD5 checksum: 1162596 3f9c5fd6e4e58d09c488d1e18e5e8199
    http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_ia64.deb
      Size/MD5 checksum: 198966 82381861fc653cc8bcc0bdd11b6c982e

Fedora Core 4: new sendmail packages.
New packages are available:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
a6642a841539dcea113316c325c39168d177e5d0 SRPMS/sendmail-8.13.7-2.fc4.1.src.rpm
a6642a841539dcea113316c325c39168d177e5d0 noarch/sendmail-8.13.7-2.fc4.1.src.rpm
90374736464edf8e0f2230a1f356fb499d06d2a2 ppc/sendmail-8.13.7-2.fc4.1.ppc.rpm
afb41676d7f25a83b61ef5ecef51a0744e4b6a4a ppc/sendmail-doc-8.13.7-2.fc4.1.ppc.rpm
9cd3c77a427818a0322098d76b098a3107f417d6 ppc/sendmail-devel-8.13.7-2.fc4.1.ppc.rpm
96278cdfb648244407cc2b03771eb6f2c516a48c ppc/sendmail-cf-8.13.7-2.fc4.1.ppc.rpm
9bdbf7804456501f06f8e5c4f9be54234f209c59 ppc/debug/sendmail-debuginfo-8.13.7-2.fc4.1.ppc.rpm
1b043eee5c72a67581785f79eb0b67cfc4dbf1d1 x86_64/sendmail-8.13.7-2.fc4.1.x86_64.rpm
b536fb92e1d36fbe4c8ef3ddbe00418fc85e285c x86_64/sendmail-doc-8.13.7-2.fc4.1.x86_64.rpm
1760a3b735a36175929e751fc34919a049eb0b1d x86_64/sendmail-devel-8.13.7-2.fc4.1.x86_64.rpm
e4db926fe8836cde3ae965016295c1897853303e x86_64/sendmail-cf-8.13.7-2.fc4.1.x86_64.rpm
04e9de00291ca0ac09ea5e151083d0e47a9331fe x86_64/debug/sendmail-debuginfo-8.13.7-2.fc4.1.x86_64.rpm
a7b48c68e456d04b4dea952c7d5c9314ecc9d35b i386/sendmail-8.13.7-2.fc4.1.i386.rpm
e9049e4cfeac47241bd4a103095867beaefd8736 i386/sendmail-doc-8.13.7-2.fc4.1.i386.rpm
165960546c550401658fbf18a72ad66c5019da1f i386/sendmail-devel-8.13.7-2.fc4.1.i386.rpm
f54cac013686bbee4a037cdcee049ddef26f39f3 i386/sendmail-cf-8.13.7-2.fc4.1.i386.rpm
e78f7fa356925aedaf110bc35b9ff1609d785ac9 i386/debug/sendmail-debuginfo-8.13.7-2.fc4.1.i386.rpm

Fedora Core 5: new sendmail packages.
New packages are available:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
89229b301a7fdb19d42d3b555f5e14d240ebd8b5 SRPMS/sendmail-8.13.7-2.fc5.1.src.rpm
89229b301a7fdb19d42d3b555f5e14d240ebd8b5 noarch/sendmail-8.13.7-2.fc5.1.src.rpm
af41c97fcdccd59d72333c1e91680415c9a085aa ppc/sendmail-devel-8.13.7-2.fc5.1.ppc.rpm
07fae10f701a8492089e4e74d0c17590a44c7527 ppc/sendmail-8.13.7-2.fc5.1.ppc.rpm
2f49b5baea84b5a021308c62f36c84418e237e66 ppc/sendmail-cf-8.13.7-2.fc5.1.ppc.rpm
43c79ff6ca386a067579a860a51d5cd711ee2d6a ppc/sendmail-doc-8.13.7-2.fc5.1.ppc.rpm
8f5a04243c1d40c7a5829adb86eee7635cafe629 ppc/debug/sendmail-debuginfo-8.13.7-2.fc5.1.ppc.rpm
c2213e2a45aa897c51f5e520ada126787321723f x86_64/debug/sendmail-debuginfo-8.13.7-2.fc5.1.x86_64.rpm
a41da7741e8c275e68b91f2cf139cafca9c6d731 x86_64/sendmail-cf-8.13.7-2.fc5.1.x86_64.rpm
191e34649ddeda0ef2038303a5eed7670565ea8d x86_64/sendmail-8.13.7-2.fc5.1.x86_64.rpm
80cb3252896c4567140cccbcc88539b9a2fc86ce x86_64/sendmail-doc-8.13.7-2.fc5.1.x86_64.rpm
ce4c724c17ce4bf5d3adf920e953b69b56a41e35 x86_64/sendmail-devel-8.13.7-2.fc5.1.x86_64.rpm
9a78eb3780d61851333bb33de584c36ab17b2778 i386/sendmail-cf-8.13.7-2.fc5.1.i386.rpm
2fd39f7205ebb813e0cd82ca6956a6d014dd83ab i386/sendmail-devel-8.13.7-2.fc5.1.i386.rpm
09a92f50d461c47d68da4dad4671f69f59edd3d7 i386/debug/sendmail-debuginfo-8.13.7-2.fc5.1.i386.rpm
0458d9e9e9d02f365981202f78a6712b07537a0c i386/sendmail-doc-8.13.7-2.fc5.1.i386.rpm
0619f1c0f5d39687ea572c93f6d8bc7ce026f17c i386/sendmail-8.13.7-2.fc5.1.i386.rpm

FreeBSD: patch for sendmail.
A patch is available:
# fetch http://security.FreeBSD.org/patches/SA-06:17/sendmail.patch
# fetch http://security.FreeBSD.org/patches/SA-06:17/sendmail.patch.asc

HP-UX: patch for Sendmail.
A patch is available:
sendmail 8.13.3
  HP-UX B.11.23 (SMAIL-UPGRADE.INET-SMAIL, SMAIL-UPGRADE.INET2-SMAIL)
    install revision B.11.23.01.003
    http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=SMAIL813
  HP-UX B.11.11(SMAIL-UPGRADE.INETSVCS-SMAIL)
    install revision B.11.11.02.004
    http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=SMAIL813
sendmail 8.11.1
  HP-UX B.11.23 (InternetSrvcs.INETSVCS2-RUN)
    PHNE_34689
  HP-UX B.11.11 (SMAIL-811.INETSVCS-SMAIL)
    install revision B.11.11.01.010
    ftp://sendmail:sendmail@hprc.external.hp.com/sendmail-811_10.depot
  HP-UX B.11.00 (SMAIL-811.INETSVCS-SMAIL)
    install revision B.11.00.01.009
    http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=SMAIL811
sendmail 8.9.3
  HP-UX B.11.11 (InternetSrvcs.INETSVCS-RUN)
    PHNE_34936
  HP-UX B.11.04 (InternetSrvcs.INETSVCS-RUN)
    PHNE_34927
  HP-UX B.11.00 (InternetSrvcs.INETSVCS-RUN)
    PHNE_34900
sendmail 8.8.6
  HP-UX B.11.00 (InternetSrvcs.INETSVCS-RUN)
    PHNE_34900

IRIX: patch for sendmail.
Patch 7107 is available for IRIX 6.5.27 to 6.5.29.

Mandriva: new sendmail packages.
New packages are available:
 
 Mandriva Linux 10.2:
 ae38971f32c425559e48b1cffc54c1de 10.2/RPMS/sendmail-8.13.3-2.2.102mdk.i586.rpm
 a5d541e7bcf183565413cbd58f621324 10.2/RPMS/sendmail-cf-8.13.3-2.2.102mdk.i586.rpm
 0dbf1c048543e8fc4be2f57bf98d27b3 10.2/RPMS/sendmail-devel-8.13.3-2.2.102mdk.i586.rpm
 4d54ff93663180cbe0459d0f4bc2dc77 10.2/RPMS/sendmail-doc-8.13.3-2.2.102mdk.i586.rpm
 426cf631d8ef58a87e271a505e448141 10.2/SRPMS/sendmail-8.13.3-2.2.102mdk.src.rpm
 Mandriva Linux 10.2/X86_64:
 3703cca877a631438ab6c764bdbacdcf x86_64/10.2/RPMS/sendmail-8.13.3-2.2.102mdk.x86_64.rpm
 42c7ec64d37d3b01c51c92293ac3b75d x86_64/10.2/RPMS/sendmail-cf-8.13.3-2.2.102mdk.x86_64.rpm
 3793e9fc7fe6f276622f8201f058880c x86_64/10.2/RPMS/sendmail-devel-8.13.3-2.2.102mdk.x86_64.rpm
 1ee6790bc995552f9a2edc0f5a7c82cb x86_64/10.2/RPMS/sendmail-doc-8.13.3-2.2.102mdk.x86_64.rpm
 426cf631d8ef58a87e271a505e448141 x86_64/10.2/SRPMS/sendmail-8.13.3-2.2.102mdk.src.rpm
 Mandriva Linux 2006.0:
 6e0692d3da4855c709cd6887e250307c 2006.0/RPMS/sendmail-8.13.4-6.2.20060mdk.i586.rpm
 e3ba6f0cdc1889cbd3341752ab692feb 2006.0/RPMS/sendmail-cf-8.13.4-6.2.20060mdk.i586.rpm
 7550c2fc61fc8055ca70c8dcfed83b24 2006.0/RPMS/sendmail-devel-8.13.4-6.2.20060mdk.i586.rpm
 37d4daa577cbb2376d4668daf7a93ac1 2006.0/RPMS/sendmail-doc-8.13.4-6.2.20060mdk.i586.rpm
 cd7d68cbd7468e3f2ca518a4cbb6a512 2006.0/SRPMS/sendmail-8.13.4-6.2.20060mdk.src.rpm
 Mandriva Linux 2006.0/X86_64:
 6cc73e9962e0db4deb3293aede92461e x86_64/2006.0/RPMS/sendmail-8.13.4-6.2.20060mdk.x86_64.rpm
 ef6cefe40f874bf47d245a5d0ee9a693 x86_64/2006.0/RPMS/sendmail-cf-8.13.4-6.2.20060mdk.x86_64.rpm
 8bc955699f5e530346887c5445b91c47 x86_64/2006.0/RPMS/sendmail-devel-8.13.4-6.2.20060mdk.x86_64.rpm
 679e95e7801fffe86bb6e7cf8d7e6263 x86_64/2006.0/RPMS/sendmail-doc-8.13.4-6.2.20060mdk.x86_64.rpm
 cd7d68cbd7468e3f2ca518a4cbb6a512 x86_64/2006.0/SRPMS/sendmail-8.13.4-6.2.20060mdk.src.rpm
 Corporate 3.0:
 1f7889191631f8b4e97c16bb66c45c81 corporate/3.0/RPMS/sendmail-8.12.11-1.2.C30mdk.i586.rpm
 6dec993c7882267252f14e42ecd16f5b corporate/3.0/RPMS/sendmail-cf-8.12.11-1.2.C30mdk.i586.rpm
 5cdd264853141757f8e966a9be70d462 corporate/3.0/RPMS/sendmail-devel-8.12.11-1.2.C30mdk.i586.rpm
 9889d673b7e87f2f86cfa9e73b8103f6 corporate/3.0/RPMS/sendmail-doc-8.12.11-1.2.C30mdk.i586.rpm
 988ac5bc0330e8beec3c7bf52c374c3d corporate/3.0/SRPMS/sendmail-8.12.11-1.2.C30mdk.src.rpm
 Corporate 3.0/X86_64:
 a3b73368a0e013a33b33c65c5e98e8cc x86_64/corporate/3.0/RPMS/sendmail-8.12.11-1.2.C30mdk.x86_64.rpm
 a0ea18d115e8efb2a89b43a6cb7c4f5f x86_64/corporate/3.0/RPMS/sendmail-cf-8.12.11-1.2.C30mdk.x86_64.rpm
 1e9b04f41611fb78d2059d82725ab7f7 x86_64/corporate/3.0/RPMS/sendmail-devel-8.12.11-1.2.C30mdk.x86_64.rpm
 10e29b80349114a764bfb1fcfcbe5e30 x86_64/corporate/3.0/RPMS/sendmail-doc-8.12.11-1.2.C30mdk.x86_64.rpm
 988ac5bc0330e8beec3c7bf52c374c3d x86_64/corporate/3.0/SRPMS/sendmail-8.12.11-1.2.C30mdk.src.rpm
 Multi Network Firewall 2.0:
 d8b9a398e99a2b7cd6390cbf19161987 mnf/2.0/RPMS/sendmail-8.12.11-1.2.M20mdk.i586.rpm
 17a75e7f8a3d6d6cb56329e9b6c7bb57 mnf/2.0/RPMS/sendmail-cf-8.12.11-1.2.M20mdk.i586.rpm
 3dba7187822ab418050dd8a7061b873d mnf/2.0/SRPMS/sendmail-8.12.11-1.2.M20mdk.src.rpm

NetBSD: patch for Sendmail.
The procedure is described in NetBSD announce.

NetBSD: version 3.0.2.
Version 3.0.2 is corrected:
  http://www.netbsd.org/

NetBSD: version 3.1.
Version 3.1 is corrected:
  http://www.netbsd.org/

OpenBSD: patch for sendmail.
A patch is available:
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/003_sendmail2.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/008_sendmail2.patch

Red Hat Linux, Fedora Core: new sendmail packages.
New packages are available:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/sendmail-8.12.11-4.22.11.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-8.12.11-4.22.11.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-cf-8.12.11-4.22.11.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-devel-8.12.11-4.22.11.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-doc-8.12.11-4.22.11.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/sendmail-8.12.11-4.24.4.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-8.12.11-4.24.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-cf-8.12.11-4.24.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-devel-8.12.11-4.24.4.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/sendmail-doc-8.12.11-4.24.4.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/sendmail-8.12.11-4.25.4.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/sendmail-8.12.11-4.25.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/sendmail-cf-8.12.11-4.25.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/sendmail-devel-8.12.11-4.25.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/sendmail-doc-8.12.11-4.25.4.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/sendmail-8.12.11-4.26.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-8.12.11-4.26.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-cf-8.12.11-4.26.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-devel-8.12.11-4.26.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/sendmail-doc-8.12.11-4.26.1.legacy.i386.rpm
Fedora Core 3:
SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/sendmail-8.13.1-4.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-8.13.1-4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-cf-8.13.1-4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-devel-8.13.1-4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/sendmail-doc-8.13.1-4.legacy.i386.rpm
x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/sendmail-8.13.1-4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/sendmail-cf-8.13.1-4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/sendmail-devel-8.13.1-4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/sendmail-doc-8.13.1-4.legacy.x86_64.rpm

RHEL: new sendmail packages.
New packages are available:
Red Hat Enterprise Linux version 2.1: sendmail-8.12.11-4.21AS.10
Red Hat Enterprise Linux version 3: sendmail-8.12.11-4.RHEL3.6
Red Hat Enterprise Linux version 4: sendmail-8.13.1-3.RHEL4.5

SGI ProPack 3 SP6: new mailman, quagga, postgresql, sendmail, xscreensaver packages.
Patch 10314 is available:
  http://support.sgi.com/
New packages are also available:
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
  ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

Slackware: new sendmail packages.
New packages are available:
Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-8.13.7-i386-1_slack8.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sendmail-cf-8.13.7-noarch-1_slack8.1.tgz
Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sendmail-8.13.7-i386-1_slack9.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sendmail-cf-8.13.7-noarch-1_slack9.0.tgz
Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/sendmail-8.13.7-i486-1_slack9.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/sendmail-cf-8.13.7-noarch-1_slack9.1.tgz
Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/sendmail-8.13.7-i486-1_slack10.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/sendmail-cf-8.13.7-noarch-1_slack10.0.tgz
Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/sendmail-8.13.7-i486-1_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/sendmail-cf-8.13.7-noarch-1_slack10.1.tgz
Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/sendmail-8.13.7-i486-1_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/sendmail-cf-8.13.7-noarch-1_slack10.2.tgz
Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-8.13.7-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/sendmail-cf-8.13.7-noarch-1.tgz

Solaris: workarounds for Sendmail.
Sendmail's announce lists workarounds.
Some patches are available:
 SPARC
   - Solaris 8: 110615-15
   - Solaris 9: 113575-07
   - Solaris 10: 122856-02
 x86
   - Solaris 8: 110616-15
   - Solaris 9: 114137-06
   - Solaris 10: 122857-03

SUSE: new sendmail packages.
New packages are available:
   SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/sendmail-8.13.6-9.3.i586.rpm
         1e3fa1b7a729d2b260a4da6d9ff962f4
   SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/sendmail-8.13.4-8.6.i586.rpm
         70a41db80164fb7d50e823774566ea9e
   SUSE LINUX 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/sendmail-8.13.3-5.6.i586.rpm
         94679162ea3b479f20362f0d01ea4d72
   SUSE LINUX 9.2:
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/sendmail-8.13.1-5.6.i586.rpm
         10e79f3a40ec0c25911cf2549009d609
   SUSE LINUX 9.1:
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/sendmail-8.12.11-2.7.i586.rpm
         adc59ac9fa4ba76743bd073e0334b9d9

Tru64 UNIX: patch for Internet Express sendmail.
A patch is available. Its installation procedure is detailled in HP's announce.

Turbolinux: new sendmail packages.
New packages are available:
 Turbolinux Appliance Server 2.0
   sendmail-8.13.1-8.i586.rpm
       453653 885bb67f267c4dd169b20f359843d87f
   sendmail-cf-8.13.1-8.i586.rpm
       157365 3d1080fa8175ed8760895056091be02e
 Turbolinux 10 Server x64 Edition
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/misc/RPMS/sendmail-8.13.1-8.x86_64.rpm
       532602 bc38b7d193a7a6c6ed39dece8eab2d8b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/misc/RPMS/sendmail-cf-8.13.1-8.x86_64.rpm
       157196 34e3817fae1c347cd89d1feba501f733
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/misc/RPMS/sendmail-devel-8.13.1-8.x86_64.rpm
       134361 1ba1a02d97ed57f09f5068348dfa8cfa
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/misc/RPMS/sendmail-doc-8.13.1-8.x86_64.rpm
       450319 6ab5ff2b349265ba657a9f4ee4098694
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/misc/RPMS/sendmail-vacation-8.13.1-8.x86_64.rpm
        58232 c563b70c5dac6f5723dec6f4f99da36c
 Turbolinux Appliance Server 1.0 Hosting Edition
   sendmail-8.12.10-7.i586.rpm
       435850 b20f78ba7b61b3e7b4fce8a097608a70
   sendmail-cf-8.12.10-7.i586.rpm
       146313 ba2d49164d1207880b0ad29613ecdb84
   sendmail-doc-8.12.10-7.i586.rpm
       429113 a36f1b84c5541a7f460520a9f71f90a0
 Turbolinux Appliance Server 1.0 Workgroup Edition
   sendmail-8.12.10-7.i586.rpm
       436122 7916289f2d8b65677fdcc6982709c22c
   sendmail-cf-8.12.10-7.i586.rpm
       146540 875d9ace81697f15d35f9e6af2fcb893
   sendmail-doc-8.12.10-7.i586.rpm
       429370 e7b79712172cfb2e63c06c3abb62f69e
 Turbolinux 10 Server
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/misc/RPMS/sendmail-8.13.1-8.i586.rpm
       453653 885bb67f267c4dd169b20f359843d87f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/misc/RPMS/sendmail-cf-8.13.1-8.i586.rpm
       157365 3d1080fa8175ed8760895056091be02e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/misc/RPMS/sendmail-devel-8.13.1-8.i586.rpm
       125295 9ca93d3585a8351dc5416637d06059ef
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/misc/RPMS/sendmail-doc-8.13.1-8.i586.rpm
       450637 9d49f367f3e3cabdacf05c67b25e1d87
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/misc/RPMS/sendmail-vacation-8.13.1-8.i586.rpm
        50175 97147a0317c69be3c89d9f191e9675c5
 Turbolinux 8 Server
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/sendmail-8.12.10-8.i586.rpm
       436049 13eacebcbabe9eea7a6b542c7031bdf0
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/sendmail-cf-8.12.10-8.i586.rpm
       146578 79c76bf05849b10e977ea38eae997c40
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/sendmail-doc-8.12.10-8.i586.rpm
       429242 bde2633410e2d82cb11c381780af7257
 Turbolinux 8 Workstation
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/sendmail-8.13.6-4.i586.rpm
       410560 124687a9739be3737492f89443778f3e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/sendmail-cf-8.13.6-4.i586.rpm
       151336 ac438132fb154fc65f9d4c3d40febe3b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/sendmail-doc-8.13.6-4.i586.rpm
       418910 c94f9ee59e8a885cc19fb8d8661e13d9
 Turbolinux 7 Server
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/sendmail-8.13.6-4.i586.rpm
       406655 8eba7e25984856a8bd5a980b69a463cd
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/sendmail-cf-8.13.6-4.i586.rpm
       151408 f9f66e86d337a36bf9900764994c3a97
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/sendmail-doc-8.13.6-4.i586.rpm
       418952 b23bc9e300fb5c26971a7d00a238ac9e
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides applications vulnerabilities bulletins. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.