New Vulnerability in Sendmail Revealed, Patch Available

Version 8.12.9 fixes one major, several minor problems. Released earlier than planned due to premature revelation of buffer overflow.

The Sendmail Consortium has released version 8.12.9 of the Sendmail Mail Transfer Agent (SMTP server) after a serious vulnerability having to do with the parsing of addresses was prematurely revealed by a third party.

As explained on the Sendmail site, the address parsing problem was a buffer overflow with potentially serious consequences. The advisory does not specifically recommend that administrators install the patches, but the use of the term critical security flaw is suggestive.