From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]Subject: MDKSA-2005:106 - Updated spamassassin packages fix DoS vulnerabilities
Message-Id: <E1DnMf2-000449-OU@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Tue, 28 Jun 2005 14:26:24 -0600
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: spamassassin
Advisory ID: MDKSA-2005:106
Date: June 28th, 2005
Affected versions: 10.1, 10.2
______________________________________________________________________
Problem Description:
A Denial of Service bug was discovered in SpamAssassin. An attacker
could construct a particular message that would cause SpamAssassin to
consume CPU resources. If a large number of these messages were sent,
it could lead to a DoS. SpamAssassin 3.0.4 was released to correct
this vulnerability, as well as other minor bug fixes, and is provided
with this update.
For full details on the changes from previous versions of SpamAssassin
to this current version, please refer to the online documentation at
http://wiki.apache.org/spamassassin/NextRelease.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
70c3144fdfc90df050e058e788724af2 10.1/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.101mdk.i586.rpm
a812132eaa7d2f5037b9d813a0ddb2d4 10.1/RPMS/spamassassin-3.0.4-0.1.101mdk.i586.rpm
34ac7694b8a0d4757dc1e9514cb89abe 10.1/RPMS/spamassassin-spamc-3.0.4-0.1.101mdk.i586.rpm
4771bb089113c7fcfe8fc76705c9a1d6 10.1/RPMS/spamassassin-spamd-3.0.4-0.1.101mdk.i586.rpm
3dc5eb25ed5fbaf97126987fa6fef2a0 10.1/RPMS/spamassassin-tools-3.0.4-0.1.101mdk.i586.rpm
5f5e0a9d95abf8a8c914b453a200622f 10.1/SRPMS/spamassassin-3.0.4-0.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
907ae240ba0c1383ffac92b6e44bf9b8 x86_64/10.1/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.101mdk.x86_64.rpm
e4c381dce8549f1dcc0e193492344633 x86_64/10.1/RPMS/spamassassin-3.0.4-0.1.101mdk.x86_64.rpm
e519886d73606721c7d039a781e48bf8 x86_64/10.1/RPMS/spamassassin-spamc-3.0.4-0.1.101mdk.x86_64.rpm
cc9047d8bfc0f7dca47a8d20a4acdaba x86_64/10.1/RPMS/spamassassin-spamd-3.0.4-0.1.101mdk.x86_64.rpm
30a1796d9714c2f97fe18543611861ee x86_64/10.1/RPMS/spamassassin-tools-3.0.4-0.1.101mdk.x86_64.rpm
5f5e0a9d95abf8a8c914b453a200622f x86_64/10.1/SRPMS/spamassassin-3.0.4-0.1.101mdk.src.rpm
Mandrakelinux 10.2:
968684a2cb5837f7b5c807e7cb84ac27 10.2/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.102mdk.i586.rpm
b674284aeb77b560fcabea2e5cb3ea76 10.2/RPMS/spamassassin-3.0.4-0.1.102mdk.i586.rpm
5fe7625fbea7970929efb0d34910d6e8 10.2/RPMS/spamassassin-spamc-3.0.4-0.1.102mdk.i586.rpm
ca728cf0e5e798758c0e3c1a89e52996 10.2/RPMS/spamassassin-spamd-3.0.4-0.1.102mdk.i586.rpm
94b9919c9afba79815ddf391f18ae9e7 10.2/RPMS/spamassassin-tools-3.0.4-0.1.102mdk.i586.rpm
c0f1a6eda5f0e91c5630e81f2ec4a04c 10.2/SRPMS/spamassassin-3.0.4-0.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
e58fbab242a1dbfc66b9a038c9ad31ef x86_64/10.2/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.102mdk.x86_64.rpm
f52acfcca9d854c597462ef96cd0d60e x86_64/10.2/RPMS/spamassassin-3.0.4-0.1.102mdk.x86_64.rpm
434c6842488b18e288ed44e77ae83e9a x86_64/10.2/RPMS/spamassassin-spamc-3.0.4-0.1.102mdk.x86_64.rpm
3e6d8eecb483210d5a7504da27d7c109 x86_64/10.2/RPMS/spamassassin-spamd-3.0.4-0.1.102mdk.x86_64.rpm
14af3895888adfcffd1ea48feeee38b8 x86_64/10.2/RPMS/spamassassin-tools-3.0.4-0.1.102mdk.x86_64.rpm
c0f1a6eda5f0e91c5630e81f2ec4a04c x86_64/10.2/SRPMS/spamassassin-3.0.4-0.1.102mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCwbJwmqjQ0CJFipgRAjI4AJ9oDGjcRP2Z5UUGBpZTH9ldn0iGmgCff8UQ
bK9gcCcIrGT00bRCOv1NinQ=
=Hdy6
-----END PGP SIGNATURE-----