Date: 18 Aug 2004 22:28:32 -0000
From: Mandrake Linux Security Team <[email protected]>
To: [email protected]Subject: MDKSA-2004:084 - Updated spamassassin packages fixes possible malformed message vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: spamassassin
Advisory ID: MDKSA-2004:084
Date: August 18th, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
Security fix prevents a denial of service attack open to certain
malformed messages; this DoS affects all SpamAssassin 2.5x and 2.6x
versions to date.
_______________________________________________________________________
References:
http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
5b523cae997b928ef74bcb147bc3dc58 10.0/RPMS/spamassassin-2.63-2.1.100mdk.i586.rpm
648b4aec9d3839102474a18665eb417a 10.0/RPMS/spamassassin-tools-2.63-2.1.100mdk.i586.rpm
764a571c8f7d0ba495da185a1c1ad1fd 10.0/RPMS/perl-Mail-SpamAssassin-2.63-2.1.100mdk.i586.rpm
aeec218cb9e05fc9e0a39b6232b3ffb0 10.0/SRPMS/spamassassin-2.63-2.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
09df0a5b383eb0d41575a1f529ab5c0a amd64/10.0/RPMS/spamassassin-2.63-2.1.100mdk.amd64.rpm
55400288a24bee8fc161ff6ee09a43bf amd64/10.0/RPMS/spamassassin-tools-2.63-2.1.100mdk.amd64.rpm
3e80a6cf3cc98ca8e50f038462542dfc amd64/10.0/RPMS/perl-Mail-SpamAssassin-2.63-2.1.100mdk.amd64.rpm
aeec218cb9e05fc9e0a39b6232b3ffb0 amd64/10.0/SRPMS/spamassassin-2.63-2.1.100mdk.src.rpm
Corporate Server 2.1/x86_64:
308c5c891528d7647a859a0e06c476c4 x86_64/corporate/2.1/RPMS/spamassassin-2.53-1.1.C21mdk.x86_64.rpm
9d8fa372922261e3c9a7d972a4ddb4da x86_64/corporate/2.1/RPMS/spamassassin-tools-2.53-1.1.C21mdk.x86_64.rpm
324109473351331503ebf0e949a5eacf x86_64/corporate/2.1/RPMS/perl-Mail-SpamAssassin-2.53-1.1.C21mdk.x86_64.rpm
bb4068503f9f85f1174c312edaa42c50 x86_64/corporate/2.1/SRPMS/spamassassin-2.53-1.1.C21mdk.src.rpm
Mandrakelinux 9.1:
2cae1384e9d5681afaf33bb987666e38 9.1/RPMS/spamassassin-2.44-1.1.91mdk.i586.rpm
f9de623c91ad5fea6a77278fb3c806e2 9.1/RPMS/spamassassin-tools-2.44-1.1.91mdk.i586.rpm
c6e83539afe0d816aa7aa60423ec25f5 9.1/RPMS/perl-Mail-SpamAssassin-2.44-1.1.91mdk.i586.rpm
816b118e15d228db4073242470a0544c 9.1/SRPMS/spamassassin-2.44-1.1.91mdk.src.rpm
Mandrakelinux 9.1/PPC:
c8746cb07bb27db5525745d7596dd1bb ppc/9.1/RPMS/spamassassin-2.44-1.1.91mdk.ppc.rpm
87623c4ec0adff188646c7d07d153c69 ppc/9.1/RPMS/spamassassin-tools-2.44-1.1.91mdk.ppc.rpm
da8537bffa927c435c4fef88fbbee4eb ppc/9.1/RPMS/perl-Mail-SpamAssassin-2.44-1.1.91mdk.ppc.rpm
816b118e15d228db4073242470a0544c ppc/9.1/SRPMS/spamassassin-2.44-1.1.91mdk.src.rpm
Mandrakelinux 9.2:
321c26941160d803263f1f49e9fb0b80 9.2/RPMS/spamassassin-2.55-2.1.92mdk.i586.rpm
4e81f648eaf1a4cfefa4997fe13eb2c9 9.2/RPMS/spamassassin-tools-2.55-2.1.92mdk.i586.rpm
4408fec0d9a9a6a84a2d01345a8a3b37 9.2/RPMS/perl-Mail-SpamAssassin-2.55-2.1.92mdk.i586.rpm
677be35edf38a7363f3714092b12439a 9.2/SRPMS/spamassassin-2.55-2.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
61a2929f0ef503d24252b083692356f1 amd64/9.2/RPMS/spamassassin-2.55-2.1.92mdk.amd64.rpm
2823caa21693d9d430624dd5e15e7c84 amd64/9.2/RPMS/spamassassin-tools-2.55-2.1.92mdk.amd64.rpm
1e9fa6fc40a39e3a7c55a67b6b9daa81 amd64/9.2/RPMS/perl-Mail-SpamAssassin-2.55-2.1.92mdk.amd64.rpm
677be35edf38a7363f3714092b12439a amd64/9.2/SRPMS/spamassassin-2.55-2.1.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBI9gQmqjQ0CJFipgRAtJbAKDHJT659KOaPTO6DaNVcnBdfaYzHQCgrlMN
m5/VpkqzBgS6D+P5/Q8esYg=
=GusY
-----END PGP SIGNATURE-----