Sendmail 8.11.6
Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.11.6.
This new version fixes a security problem reported by SecurityFocus regarding command line processing. This vulnerability is present in sendmail open source versions between 8.11.0 and 8.11.5 as well as all 8.12.0.Beta versions.
The problem was not present in 8.10 or earlier versions. However, as always, we recommend using the latest version. Note that this problem is not remotely exploitable.8.11.6 is planned to be the final 8.11 release before 8.12.0 is released.
See the release notes for complete details and other changes.
The release is available from:
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.11.6.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.11.6.tar.Z
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.11.6.tar.sig
with MD5 signatures:
a57e7681d810d9d6400cbe6bbcf06aa0 sendmail.8.11.6.tar.gz db74e6149b3b47294dbceded31357ac5 sendmail.8.11.6.tar.Z a32edd9515e5d9d3bf54d1224909c93a sendmail.8.11.6.tar.sig
Since sendmail 8.11 and later releases include hooks to cryptography, the following information from OpenSSL applies to sendmail as well.
PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.
