| Sendmail released a low risk security advisory on June 14th 2006. The Sendmail Advisory is located at http://www.sendmail.com/security/advisories/SA-200605-01.txt.asc. F-Secure Messaging Security Gateway products use Sendmail.
During message delivery, certain deeply nested malformed MIME messages can cause the MIME 8-bit to 7-bit conversion routine to exhaust the per-process stack space memory available and cause that process to abort. Depending on system configuration, this may also cause a core dump for that process to be written to disk.
Hotfix is distributed automatically by the delivery system. Users of these products do not need to take any action. This means that virtually all affected systems will be patched automatically shortly after publication of this advisory.
This vulnerability is being tracked as CVE-2006-1173 and can be found at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173.
How to validate that patch has been installed:The user can validate patch installation by opening the Administration Console and checking System - Update Service. The patch should be listed under Software Patch History as patch_0000251.
|
