<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2005:106 - Updated spamassassin packages fix DoS vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           spamassassin
 Advisory ID:            MDKSA-2005:106
 Date:                   June 28th, 2005

 Affected versions:      10.1, 10.2
 ______________________________________________________________________

 Problem Description:

 A Denial of Service bug was discovered in SpamAssassin.  An attacker
 could construct a particular message that would cause SpamAssassin to
 consume CPU resources.  If a large number of these messages were sent,
 it could lead to a DoS.  SpamAssassin 3.0.4 was released to correct
 this vulnerability, as well as other minor bug fixes, and is provided
 with this update.
 
 For full details on the changes from previous versions of SpamAssassin
 to this current version, please refer to the online documentation at
 http://wiki.apache.org/spamassassin/NextRelease.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 70c3144fdfc90df050e058e788724af2  
10.1/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.101mdk.i586.rpm
 a812132eaa7d2f5037b9d813a0ddb2d4  
10.1/RPMS/spamassassin-3.0.4-0.1.101mdk.i586.rpm
 34ac7694b8a0d4757dc1e9514cb89abe  
10.1/RPMS/spamassassin-spamc-3.0.4-0.1.101mdk.i586.rpm
 4771bb089113c7fcfe8fc76705c9a1d6  
10.1/RPMS/spamassassin-spamd-3.0.4-0.1.101mdk.i586.rpm
 3dc5eb25ed5fbaf97126987fa6fef2a0  
10.1/RPMS/spamassassin-tools-3.0.4-0.1.101mdk.i586.rpm
 5f5e0a9d95abf8a8c914b453a200622f  
10.1/SRPMS/spamassassin-3.0.4-0.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 907ae240ba0c1383ffac92b6e44bf9b8  
x86_64/10.1/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.101mdk.x86_64.rpm
 e4c381dce8549f1dcc0e193492344633  
x86_64/10.1/RPMS/spamassassin-3.0.4-0.1.101mdk.x86_64.rpm
 e519886d73606721c7d039a781e48bf8  
x86_64/10.1/RPMS/spamassassin-spamc-3.0.4-0.1.101mdk.x86_64.rpm
 cc9047d8bfc0f7dca47a8d20a4acdaba  
x86_64/10.1/RPMS/spamassassin-spamd-3.0.4-0.1.101mdk.x86_64.rpm
 30a1796d9714c2f97fe18543611861ee  
x86_64/10.1/RPMS/spamassassin-tools-3.0.4-0.1.101mdk.x86_64.rpm
 5f5e0a9d95abf8a8c914b453a200622f  
x86_64/10.1/SRPMS/spamassassin-3.0.4-0.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 968684a2cb5837f7b5c807e7cb84ac27  
10.2/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.102mdk.i586.rpm
 b674284aeb77b560fcabea2e5cb3ea76  
10.2/RPMS/spamassassin-3.0.4-0.1.102mdk.i586.rpm
 5fe7625fbea7970929efb0d34910d6e8  
10.2/RPMS/spamassassin-spamc-3.0.4-0.1.102mdk.i586.rpm
 ca728cf0e5e798758c0e3c1a89e52996  
10.2/RPMS/spamassassin-spamd-3.0.4-0.1.102mdk.i586.rpm
 94b9919c9afba79815ddf391f18ae9e7  
10.2/RPMS/spamassassin-tools-3.0.4-0.1.102mdk.i586.rpm
 c0f1a6eda5f0e91c5630e81f2ec4a04c  
10.2/SRPMS/spamassassin-3.0.4-0.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 e58fbab242a1dbfc66b9a038c9ad31ef  
x86_64/10.2/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.102mdk.x86_64.rpm
 f52acfcca9d854c597462ef96cd0d60e  
x86_64/10.2/RPMS/spamassassin-3.0.4-0.1.102mdk.x86_64.rpm
 434c6842488b18e288ed44e77ae83e9a  
x86_64/10.2/RPMS/spamassassin-spamc-3.0.4-0.1.102mdk.x86_64.rpm
 3e6d8eecb483210d5a7504da27d7c109  
x86_64/10.2/RPMS/spamassassin-spamd-3.0.4-0.1.102mdk.x86_64.rpm
 14af3895888adfcffd1ea48feeee38b8  
x86_64/10.2/RPMS/spamassassin-tools-3.0.4-0.1.102mdk.x86_64.rpm
 c0f1a6eda5f0e91c5630e81f2ec4a04c  
x86_64/10.2/SRPMS/spamassassin-3.0.4-0.1.102mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCwbJwmqjQ0CJFipgRAjI4AJ9oDGjcRP2Z5UUGBpZTH9ldn0iGmgCff8UQ
bK9gcCcIrGT00bRCOv1NinQ=
=Hdy6
-----END PGP SIGNATURE-----