Sendmail - Red Hat ENTERPRISE LINUX 5.5 - TECHNICAL NOTES Manual

Chapter 1. Package Updates
• The context for the named name server daemon, when running in a chrooted environment, was
incorrect, and with this update is labeled correctly. (BZ#562833)
• Attempting to save the firewall configuration with the service iptables save command
triggered an AVC denial. This update changes the default context for the /sbin/iptables-save
application to iptables_exec_t so that the firewall configuration can be saved. (BZ#564376)
• Attempting to run a CGI script from a cgi-bin directory mounted on an NFS share resulted
in an AVC denial, whereas serving static pages from a public_html directory worked as
expected. CGI scripts can now be run from NFS-mounted directories given the correct permissions.
(BZ#566557)
• When the SELinux boolean ftp_home_dir was enabled, the allow_ftpd_anon_write boolean did
not take effect, and users could upload files to their home directories via anonymous FTP even
though write access should have been restricted by the value of allow_ftpd_anon_write. With this
update, the value of allow_ftpd_anon_write determines whether anonymous FTP writes are allowed,
as expected. (BZ#566975)
All users are advised to upgrade to these updated packages, which resolve these issues.

1.188. sendmail

1.188.1. RHSA-2010:0237: Low security and bug fix update
Updated sendmail packages that fix two security issues and several bugs are now available for Red
Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low security impact. Common
Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available
for each vulnerability from the CVE links in the References section.
Sendmail is a very widely used Mail Transport Agent (MTA). MTAs deliver mail from one machine to
another. Sendmail is not a client program, but rather a behind-the-scenes daemon that moves email
over networks or the Internet to its final destination.
The configuration of sendmail in Red Hat Enterprise Linux was found to not reject the
"localhost.localdomain" domain name for email messages that come from external hosts. This could
allow remote attackers to disguise spoofed messages. (CVE-2006-7176)
A flaw was found in the way sendmail handled NUL characters in the CommonName field of X.509
certificates. An attacker able to get a carefully crafted certificate signed by a trusted Certificate
Authority could trick sendmail into accepting it by mistake, allowing the attacker to perform a
man-in-the-middle attack or bypass intended client certificate authentication. (CVE-2009-4565)
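The NUL-in-CommonName flaw described above arises when a length-prefixed certificate field is compared as a C string. The following is an added example, not sendmail's code or the Red Hat patch: the function names and the sample CommonName bytes are constructed for illustration, and exact byte comparison stands in for full hostname matching.

```c
#include <stdio.h>
#include <string.h>

/* Naive check: treats the CommonName as a C string, so the comparison
 * stops at the first NUL byte and never sees the bytes that follow it. */
int cn_matches_naive(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;   /* the length recorded in the certificate is ignored */
    return strcmp((const char *)cn, host) == 0;
}

/* Strict check: trusts only the recorded length, rejects any CommonName
 * that contains a NUL byte, then compares the whole value. */
int cn_matches_strict(const unsigned char *cn, size_t cn_len, const char *host)
{
    if (cn_len == 0 || memchr(cn, '\0', cn_len) != NULL)
        return 0;               /* embedded NUL: never a valid host name */
    if (cn_len != strlen(host))
        return 0;               /* lengths must agree before comparing */
    return memcmp(cn, host, cn_len) == 0;
}

/* Constructed sample values (hypothetical, not taken from the advisory). */
static const unsigned char CN_EMBEDDED_NUL[] = "mail.example.com\0.other.example";
static const unsigned char CN_CLEAN[] = "mail.example.com";

int main(void)
{
    const char *host = "mail.example.com";
    size_t nul_len = sizeof(CN_EMBEDDED_NUL) - 1;   /* drop literal's terminator */
    size_t clean_len = sizeof(CN_CLEAN) - 1;

    printf("embedded NUL: naive=%d strict=%d\n",
           cn_matches_naive(CN_EMBEDDED_NUL, nul_len, host),
           cn_matches_strict(CN_EMBEDDED_NUL, nul_len, host));
    printf("clean CN:     naive=%d strict=%d\n",
           cn_matches_naive(CN_CLEAN, clean_len, host),
           cn_matches_strict(CN_CLEAN, clean_len, host));
    return 0;
}
```

With OpenSSL, the recorded length passed as `cn_len` would come from `ASN1_STRING_length()` rather than from `strlen()` on the extracted bytes.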
Note: The CVE-2009-4565 issue only affected configurations using TLS with certificate verification
and CommonName checking enabled, which is not a typical configuration.
CVE-2006-7176: https://www.redhat.com/security/data/cve/CVE-2006-7176.html
CVE-2009-4565: https://www.redhat.com/security/data/cve/CVE-2009-4565.html
This update also fixes the following bugs:
