Amazon Linux 2023 Security Advisory: ALAS2023-2026-1818
Advisory Released Date: 2026-06-08
Advisory Updated Date: 2026-06-08
Severity:
Medium
Issue Overview:
sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. (CVE-2023-51765)
Affected Packages:
sendmail
Issue Correction:
Run dnf update sendmail --releasever 2023.12.20260608 or dnf update --advisory ALAS2023-2026-1818 --releasever 2023.12.20260608 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation
New Packages:
aarch64:
sendmail-debuginfo-8.18.2-2.amzn2023.0.1.aarch64
sendmail-milter-devel-8.18.2-2.amzn2023.0.1.aarch64
sendmail-milter-debuginfo-8.18.2-2.amzn2023.0.1.aarch64
sendmail-milter-8.18.2-2.amzn2023.0.1.aarch64
sendmail-debugsource-8.18.2-2.amzn2023.0.1.aarch64
sendmail-8.18.2-2.amzn2023.0.1.aarch64
noarch:
sendmail-doc-8.18.2-2.amzn2023.0.1.noarch
sendmail-cf-8.18.2-2.amzn2023.0.1.noarch
src:
sendmail-8.18.2-2.amzn2023.0.1.src
x86_64:
sendmail-debugsource-8.18.2-2.amzn2023.0.1.x86_64
sendmail-milter-8.18.2-2.amzn2023.0.1.x86_64
sendmail-milter-debuginfo-8.18.2-2.amzn2023.0.1.x86_64
sendmail-debuginfo-8.18.2-2.amzn2023.0.1.x86_64
sendmail-milter-devel-8.18.2-2.amzn2023.0.1.x86_64
sendmail-8.18.2-2.amzn2023.0.1.x86_64