Re: MDKSA-2004:084 - Updated spamassassin packages fixes possible malformed message vulnerability (OpenBSD 3.5 too??)
Has anyone determined whether this DoS also affects these versions of
SpamAssassin when running on OpenBSD 3.5? If so, is there an applicable
patch for that O.S. as well?
Thanks!
Joel Kinard
Global Compliance Services
Charlotte, NC
--- Mandrake Linux Security Team <security@xxxxxxxxxxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> _______________________________________________________________________
>
> Mandrakelinux Security Update Advisory
> _______________________________________________________________________
>
> Package name: spamassassin
> Advisory ID: MDKSA-2004:084
> Date: August 18th, 2004
>
> Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1
> ______________________________________________________________________
>
> Problem Description:
>
> Security fix prevents a denial of service attack open to certain
> malformed messages; this DoS affects all SpamAssassin 2.5x and 2.6x
> versions to date.
> _______________________________________________________________________
>
> References:
>
> http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2
> ______________________________________________________________________
>
> Updated Packages:
>
> Mandrakelinux 10.0:
> 5b523cae997b928ef74bcb147bc3dc58
> 10.0/RPMS/spamassassin-2.63-2.1.100mdk.i586.rpm
> 648b4aec9d3839102474a18665eb417a
> 10.0/RPMS/spamassassin-tools-2.63-2.1.100mdk.i586.rpm
> 764a571c8f7d0ba495da185a1c1ad1fd
> 10.0/RPMS/perl-Mail-SpamAssassin-2.63-2.1.100mdk.i586.rpm
> aeec218cb9e05fc9e0a39b6232b3ffb0
> 10.0/SRPMS/spamassassin-2.63-2.1.100mdk.src.rpm
>
> Mandrakelinux 10.0/AMD64:
> 09df0a5b383eb0d41575a1f529ab5c0a
> amd64/10.0/RPMS/spamassassin-2.63-2.1.100mdk.amd64.rpm
> 55400288a24bee8fc161ff6ee09a43bf
> amd64/10.0/RPMS/spamassassin-tools-2.63-2.1.100mdk.amd64.rpm
> 3e80a6cf3cc98ca8e50f038462542dfc
> amd64/10.0/RPMS/perl-Mail-SpamAssassin-2.63-2.1.100mdk.amd64.rpm
> aeec218cb9e05fc9e0a39b6232b3ffb0
> amd64/10.0/SRPMS/spamassassin-2.63-2.1.100mdk.src.rpm
>
> Corporate Server 2.1/x86_64:
> 308c5c891528d7647a859a0e06c476c4
> x86_64/corporate/2.1/RPMS/spamassassin-2.53-1.1.C21mdk.x86_64.rpm
> 9d8fa372922261e3c9a7d972a4ddb4da
> x86_64/corporate/2.1/RPMS/spamassassin-tools-2.53-1.1.C21mdk.x86_64.rpm
> 324109473351331503ebf0e949a5eacf
> x86_64/corporate/2.1/RPMS/perl-Mail-SpamAssassin-2.53-1.1.C21mdk.x86_64.rpm
> bb4068503f9f85f1174c312edaa42c50
> x86_64/corporate/2.1/SRPMS/spamassassin-2.53-1.1.C21mdk.src.rpm
>
> Mandrakelinux 9.1:
> 2cae1384e9d5681afaf33bb987666e38
> 9.1/RPMS/spamassassin-2.44-1.1.91mdk.i586.rpm
> f9de623c91ad5fea6a77278fb3c806e2
> 9.1/RPMS/spamassassin-tools-2.44-1.1.91mdk.i586.rpm
> c6e83539afe0d816aa7aa60423ec25f5
> 9.1/RPMS/perl-Mail-SpamAssassin-2.44-1.1.91mdk.i586.rpm
> 816b118e15d228db4073242470a0544c
> 9.1/SRPMS/spamassassin-2.44-1.1.91mdk.src.rpm
>
> Mandrakelinux 9.1/PPC:
> c8746cb07bb27db5525745d7596dd1bb
> ppc/9.1/RPMS/spamassassin-2.44-1.1.91mdk.ppc.rpm
> 87623c4ec0adff188646c7d07d153c69
> ppc/9.1/RPMS/spamassassin-tools-2.44-1.1.91mdk.ppc.rpm
> da8537bffa927c435c4fef88fbbee4eb
> ppc/9.1/RPMS/perl-Mail-SpamAssassin-2.44-1.1.91mdk.ppc.rpm
> 816b118e15d228db4073242470a0544c
> ppc/9.1/SRPMS/spamassassin-2.44-1.1.91mdk.src.rpm
>
> Mandrakelinux 9.2:
> 321c26941160d803263f1f49e9fb0b80
> 9.2/RPMS/spamassassin-2.55-2.1.92mdk.i586.rpm
> 4e81f648eaf1a4cfefa4997fe13eb2c9
> 9.2/RPMS/spamassassin-tools-2.55-2.1.92mdk.i586.rpm
> 4408fec0d9a9a6a84a2d01345a8a3b37
> 9.2/RPMS/perl-Mail-SpamAssassin-2.55-2.1.92mdk.i586.rpm
> 677be35edf38a7363f3714092b12439a
> 9.2/SRPMS/spamassassin-2.55-2.1.92mdk.src.rpm
>
> Mandrakelinux 9.2/AMD64:
> 61a2929f0ef503d24252b083692356f1
> amd64/9.2/RPMS/spamassassin-2.55-2.1.92mdk.amd64.rpm
> 2823caa21693d9d430624dd5e15e7c84
> amd64/9.2/RPMS/spamassassin-tools-2.55-2.1.92mdk.amd64.rpm
> 1e9fa6fc40a39e3a7c55a67b6b9daa81
> amd64/9.2/RPMS/perl-Mail-SpamAssassin-2.55-2.1.92mdk.amd64.rpm
> 677be35edf38a7363f3714092b12439a
> amd64/9.2/SRPMS/spamassassin-2.55-2.1.92mdk.src.rpm
> _______________________________________________________________________
>
> To upgrade automatically use MandrakeUpdate or urpmi. The verification
> of md5 checksums and GPG signatures is performed automatically for you.
>
> All packages are signed by Mandrakesoft for security. You can obtain
> the GPG public key of the Mandrakelinux Security Team by executing:
>
> gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
>
> You can view other update advisories for Mandrakelinux at:
>
> http://www.mandrakesoft.com/security/advisories
>
> If you want to report vulnerabilities, please contact
>
> security_linux-mandrake.com
>
> Type Bits/KeyID Date User ID
> pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
> <security linux-mandrake.com>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
>
> iD8DBQFBI9gQmqjQ0CJFipgRAtJbAKDHJT659KOaPTO6DaNVcnBdfaYzHQCgrlMN
> m5/VpkqzBgS6D+P5/Q8esYg=
> =GusY
> -----END PGP SIGNATURE-----
>