Sendmail 8.11.4
Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.11.4. Version 8.11.4 revamps signal handling within the MTA in order to reduce the likelihood of a race condition that can lead to heap corruption, as described in Michal Zalewski's advisory. The problems discussed in the advisory are not currently known to be exploitable, but we recommend upgrading to 8.11.4 in case a method is found to exploit the signal handling race condition. Version 8.11.4 also fixes other bugs found since the release of 8.11.3.
See the release notes for complete details and other changes.
The release is available from:
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.11.4.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.11.4.tar.Z
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.11.4.tar.sig
with MD5 signatures:
5e224eeb0aab63b7c178728ae42f26a5 sendmail.8.11.4.tar.gz
45b2d3694a4fa952739aba82a2df3522 sendmail.8.11.4.tar.Z
d2cd6011a6b395ea07091414be869152 sendmail.8.11.4.tar.sig
Since sendmail 8.11 and later releases include hooks to cryptography, the following information from OpenSSL applies to sendmail as well.
PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.