Debian DSA-278-1 : sendmail - char-to-int conversion
Critical Nessus Plugin ID 15115
Synopsis: The remote Debian host is missing a security-related update.
Description: Michal Zalewski discovered a buffer overflow, triggered by a char-to-int conversion, in the address parsing code in sendmail, a widely used, powerful, efficient, and scalable mail transport agent. This problem is potentially remotely exploitable.
Solution: Upgrade the sendmail packages.
For the stable distribution (woody) this problem has been fixed in version 8.12.3-6.3.
For the old stable distribution (potato) this problem has been fixed in version 8.9.3-26.