Security fixes for Sendmail - Update
Version 8.14.4 of Sendmail, the open source mail transfer agent (MTA), includes fixes for several security vulnerabilities including some integer overflows, memory leaks and for the SSL NUL character problem disclosed in mid 2009. The release also corrects a resolution error where an apparently valid host name lookup contained a NULL pointer; this problem caused crashes on some Linux versions of the software. The update also includes a number of corrections for several non-security issues.
Update - The SSL NUL character problem was the only security related issue. According to Sendmail Maintainer Claus Assmann, the other errors do not affect the security of the server.
See also:
- 8.14.4 Release notes, details on Sendmail.org.
- SSL flaw revealed at Black Hat, a report from The H.
(djwm)