<<< Date Index >>>     <<< Thread Index >>>

Re: MDKSA-2004:084 - Updated spamassassin packages fixes possible malformed message vulnerability (OpenBSD 3.5 too??)



Has anyone determined whether this DoS also affects these versions of 
Spamassassin when running on
OpenBSD 3.5 ?  If so, is there an applicable patch for that O.S. as well?

Thanks!
Joel Kinard
Global Compliance Services
Charlotte, NC
+



--- Mandrake Linux Security Team <security@xxxxxxxxxxxxxxxxxx> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
>  _______________________________________________________________________
> 
>                  Mandrakelinux Security Update Advisory
>  _______________________________________________________________________
> 
>  Package name:           spamassassin
>  Advisory ID:            MDKSA-2004:084
>  Date:                   August 18th, 2004
> 
>  Affected versions:    10.0, 9.1, 9.2, Corporate Server 2.1
>  ______________________________________________________________________
> 
>  Problem Description:
> 
>  Security fix prevents a denial of service attack open to certain
>  malformed messages; this DoS affects all SpamAssassin 2.5x and 2.6x
>  versions to date.
>  _______________________________________________________________________
> 
>  References:
> 
>   http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2
>  ______________________________________________________________________
> 
>  Updated Packages:
>   
>  Mandrakelinux 10.0:
>  5b523cae997b928ef74bcb147bc3dc58  
> 10.0/RPMS/spamassassin-2.63-2.1.100mdk.i586.rpm
>  648b4aec9d3839102474a18665eb417a  
> 10.0/RPMS/spamassassin-tools-2.63-2.1.100mdk.i586.rpm
>  764a571c8f7d0ba495da185a1c1ad1fd  
> 10.0/RPMS/perl-Mail-SpamAssassin-2.63-2.1.100mdk.i586.rpm
>  aeec218cb9e05fc9e0a39b6232b3ffb0  
> 10.0/SRPMS/spamassassin-2.63-2.1.100mdk.src.rpm
> 
>  Mandrakelinux 10.0/AMD64:
>  09df0a5b383eb0d41575a1f529ab5c0a  
> amd64/10.0/RPMS/spamassassin-2.63-2.1.100mdk.amd64.rpm
>  55400288a24bee8fc161ff6ee09a43bf  
> amd64/10.0/RPMS/spamassassin-tools-2.63-2.1.100mdk.amd64.rpm
>  3e80a6cf3cc98ca8e50f038462542dfc 
> amd64/10.0/RPMS/perl-Mail-SpamAssassin-2.63-2.1.100mdk.amd64.rpm
>  aeec218cb9e05fc9e0a39b6232b3ffb0  
> amd64/10.0/SRPMS/spamassassin-2.63-2.1.100mdk.src.rpm
> 
>  Corporate Server 2.1/x86_64:
>  308c5c891528d7647a859a0e06c476c4 
> x86_64/corporate/2.1/RPMS/spamassassin-2.53-1.1.C21mdk.x86_64.rpm
>  9d8fa372922261e3c9a7d972a4ddb4da 
> x86_64/corporate/2.1/RPMS/spamassassin-tools-2.53-1.1.C21mdk.x86_64.rpm
>  324109473351331503ebf0e949a5eacf 
> x86_64/corporate/2.1/RPMS/perl-Mail-SpamAssassin-2.53-1.1.C21mdk.x86_64.rpm
>  bb4068503f9f85f1174c312edaa42c50 
> x86_64/corporate/2.1/SRPMS/spamassassin-2.53-1.1.C21mdk.src.rpm
> 
>  Mandrakelinux 9.1:
>  2cae1384e9d5681afaf33bb987666e38  
> 9.1/RPMS/spamassassin-2.44-1.1.91mdk.i586.rpm
>  f9de623c91ad5fea6a77278fb3c806e2  
> 9.1/RPMS/spamassassin-tools-2.44-1.1.91mdk.i586.rpm
>  c6e83539afe0d816aa7aa60423ec25f5  
> 9.1/RPMS/perl-Mail-SpamAssassin-2.44-1.1.91mdk.i586.rpm
>  816b118e15d228db4073242470a0544c  
> 9.1/SRPMS/spamassassin-2.44-1.1.91mdk.src.rpm
> 
>  Mandrakelinux 9.1/PPC:
>  c8746cb07bb27db5525745d7596dd1bb  
> ppc/9.1/RPMS/spamassassin-2.44-1.1.91mdk.ppc.rpm
>  87623c4ec0adff188646c7d07d153c69  
> ppc/9.1/RPMS/spamassassin-tools-2.44-1.1.91mdk.ppc.rpm
>  da8537bffa927c435c4fef88fbbee4eb  
> ppc/9.1/RPMS/perl-Mail-SpamAssassin-2.44-1.1.91mdk.ppc.rpm
>  816b118e15d228db4073242470a0544c  
> ppc/9.1/SRPMS/spamassassin-2.44-1.1.91mdk.src.rpm
> 
>  Mandrakelinux 9.2:
>  321c26941160d803263f1f49e9fb0b80  
> 9.2/RPMS/spamassassin-2.55-2.1.92mdk.i586.rpm
>  4e81f648eaf1a4cfefa4997fe13eb2c9  
> 9.2/RPMS/spamassassin-tools-2.55-2.1.92mdk.i586.rpm
>  4408fec0d9a9a6a84a2d01345a8a3b37  
> 9.2/RPMS/perl-Mail-SpamAssassin-2.55-2.1.92mdk.i586.rpm
>  677be35edf38a7363f3714092b12439a  
> 9.2/SRPMS/spamassassin-2.55-2.1.92mdk.src.rpm
> 
>  Mandrakelinux 9.2/AMD64:
>  61a2929f0ef503d24252b083692356f1  
> amd64/9.2/RPMS/spamassassin-2.55-2.1.92mdk.amd64.rpm
>  2823caa21693d9d430624dd5e15e7c84  
> amd64/9.2/RPMS/spamassassin-tools-2.55-2.1.92mdk.amd64.rpm
>  1e9fa6fc40a39e3a7c55a67b6b9daa81 
> amd64/9.2/RPMS/perl-Mail-SpamAssassin-2.55-2.1.92mdk.amd64.rpm
>  677be35edf38a7363f3714092b12439a  
> amd64/9.2/SRPMS/spamassassin-2.55-2.1.92mdk.src.rpm
>  _______________________________________________________________________
> 
>  To upgrade automatically use MandrakeUpdate or urpmi.  The verification
>  of md5 checksums and GPG signatures is performed automatically for you.
> 
>  All packages are signed by Mandrakesoft for security.  You can obtain
>  the GPG public key of the Mandrakelinux Security Team by executing:
> 
>   gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
> 
>  You can view other update advisories for Mandrakelinux at:
> 
>   http://www.mandrakesoft.com/security/advisories
> 
>  If you want to report vulnerabilities, please contact
> 
>   security_linux-mandrake.com
> 
>  Type Bits/KeyID     Date       User ID
>  pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
>   <security linux-mandrake.com>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
> 
> iD8DBQFBI9gQmqjQ0CJFipgRAtJbAKDHJT659KOaPTO6DaNVcnBdfaYzHQCgrlMN
> m5/VpkqzBgS6D+P5/Q8esYg=
> =GusY
> -----END PGP SIGNATURE-----
> 



                
_______________________________
Do you Yahoo!?
Win 1 of 4,000 free domain names from Yahoo! Enter now.
http://promotions.yahoo.com/goldrush