Hi,
The sendmail package in lucid has already been fixed for that issue.
From the changelog:

  sendmail (8.14.3-9.1) unstable; urgency=high
    * Non-maintainer upload by the Security Team.
    * Fixed CVE-2009-4565: incorrect verification of SSL certificate with NUL in
      name (Closes: #564581)

It would appear your PCI vulnerability scan is simply looking at the
version in the banner to determine if it's vulnerable or not, which
isn't the right approach. Either tell your PCI compliance scanner vendor
to fix their scanner or configure sendmail not to display the version
number in the banner.
See: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-4565
** Visibility changed to: Public
** Changed in: sendmail (Ubuntu)
Status: New => Invalid
--
Update sendmail due to vulnerability in 8.14.3
https://bugs.launchpad.net/bugs/604996
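
The point about banner versions, as an added example that is not part of the original message: a Python sketch that reads a Debian-format changelog (on an installed system, typically /usr/share/doc/sendmail/changelog.Debian.gz) and reports which package versions record a fix for a CVE, showing that a patched and an unpatched build share the upstream version seen in the banner. The function names are hypothetical, and the sample text is constructed from the changelog excerpt quoted above plus a made-up older stanza.

```python
import re

# Stanza header of a Debian changelog: "package (version) distribution; urgency=..."
HEADER = re.compile(r"^(?P<pkg>[a-z0-9][a-z0-9+.-]*) \((?P<ver>[^)]+)\) [^;]+;")
CVE = re.compile(r"CVE-\d{4}-\d{4,}")

def cves_by_version(changelog_text):
    """Map each package version in the changelog to the CVE ids its stanza mentions."""
    result, current = {}, None
    for line in changelog_text.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group("ver")
            result[current] = set()
        elif current is not None:
            result[current].update(CVE.findall(line))
    return result

def versions_fixing(changelog_text, cve_id):
    """Package versions whose stanza records a fix for cve_id, in file order."""
    return [v for v, ids in cves_by_version(changelog_text).items() if cve_id in ids]

def upstream_version(package_version):
    """Strip epoch and Debian revision: '8.14.3-9.1' -> '8.14.3' (what a banner shows)."""
    return package_version.split(":", 1)[-1].rsplit("-", 1)[0]

# Constructed sample: the first stanza is the excerpt quoted in the message;
# the second stanza and both trailer lines are made up for contrast.
SAMPLE = """\
sendmail (8.14.3-9.1) unstable; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fixed CVE-2009-4565: incorrect verification of SSL certificate with NUL in
    name (Closes: #564581)

 -- Example Uploader <uploader@example.invalid>  Thu, 01 Jan 1970 00:00:00 +0000

sendmail (8.14.3-9) unstable; urgency=low

  * Constructed placeholder entry.

 -- Example Uploader <uploader@example.invalid>  Thu, 01 Jan 1970 00:00:00 +0000
"""

if __name__ == "__main__":
    print("fix recorded in:", versions_fixing(SAMPLE, "CVE-2009-4565"))
    print("banner would show:", {upstream_version(v) for v in cves_by_version(SAMPLE)})
```

Because an installed package's changelog only contains entries up to the installed version, finding the CVE id there is evidence the fix is present, which the upstream version string alone cannot show.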