MGASA-2014-0270

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0270.html

Import Source

https://advisories.mageia.org/MGASA-2014-0270.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2014-0270

Upstream

CVE-2014-3956

Published

2014-06-20T19:41:07Z

Modified

2026-04-16T06:24:13.817037002Z

Summary

Updated sendmail packages fix CVE-2014-3956

Details

Updated sendmail packages fix security vulnerability:

Sendmail before 8.14.9 does not properly closing file descriptors before executing programs. This bug could enable local users to interfere with an open SMTP connection if they can execute their own program for mail delivery (e.g., via procmail or the prog mailer) (CVE-2014-3956).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:3 / sendmail

Package

Name: sendmail
Purl: pkg:rpm/mageia/sendmail?arch=source&distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.14.6-2.1.mga3

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2014-0270.json"

Mageia:4 / sendmail

Package

Name: sendmail
Purl: pkg:rpm/mageia/sendmail?arch=source&distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.14.7-3.1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2014-0270.json"