- Sendmail, Inc. Releases
MIME Buffer Overflow Patch
Several e-mail clients have recently been shown to have buffer overflows that may allow attackers to execute arbitrary commands on users' machines. Sendmail, Inc. has produced a patch for sendmail 8.9.1 that will proactively defend against such attacks. It is important to note that sendmail itself is not vulnerable to these attacks. By truncating long MIME headers before they arrive in end users' mailboxes, such attacks can be deflected before they can do damage. This patch is included in the current release. - December 31, 1998:
sendmail 8.9.2 released.
This version fixes an accept Denial of Service attack on Linux systems
and has enhanced support for Berkeley DB 2.x,
as well as other minor fixes.
(If you want the MIME Buffer Overflow patch,
be sure to compile with
-D_FFR_MAX_MIME_HEADER_LENGTH. This option will be included by default in sendmail 8.10.)
- Release Notes for the current version.
- Known Bugs - not always up to date.
Please read the FAQ, as well as Compiling and Configuration pages, before asking questions of the sendmail maintainers.
- E-mail Addresses
- Usenet News & Public Mailing Lists
- Books
- Classes
- Other Sendmail Related Links
- Other Non-Sendmail Related Links
