[ MDKSA-2007:049 ] - Updated spamassassin packages fix DoS vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:049
http://www.mandriva.com/security/
_______________________________________________________________________
Package : spamassassin
Date : February 23, 2007
Affected: 2007.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A bug in the way that SpamAssassin processes HTML emails containing
URIs was discovered in versions 3.1.x. A carefully crafted mail
message could make SpamAssassin consume significant amounts of CPU
resources that could delay or prevent the delivery of mail if a
number of these messages were sent at once.
SpamAssassin has been upgraded to version 3.1.8 to correct this
problem, and other upstream bugs. In addition, an invalid path setting
in local.cf for the auto_whitelist_path has been fixed for Mandriva
2007.0.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0451
http://qa.mandriva.com/show_bug.cgi?id=27424
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
d650293a8726a25c4fd3fac01058f758
2007.0/i586/perl-Mail-SpamAssassin-3.1.8-0.1mdv2007.0.i586.rpm
721c1aeebf3bf0eda9e82f165cebcd7b
2007.0/i586/spamassassin-3.1.8-0.1mdv2007.0.i586.rpm
bb191e955876ae1cd3a39a694f5c6259
2007.0/i586/spamassassin-spamc-3.1.8-0.1mdv2007.0.i586.rpm
845c7c94d98f06bdcc2949ea2cf3272b
2007.0/i586/spamassassin-spamd-3.1.8-0.1mdv2007.0.i586.rpm
730d7cb8c61a3c40149ffdabb3a2a039
2007.0/i586/spamassassin-tools-3.1.8-0.1mdv2007.0.i586.rpm
ad0a0132bf2cea709038ae72af5ad72b
2007.0/SRPMS/spamassassin-3.1.8-0.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
74e606f97f5d341eaaa7f1fae29af965
2007.0/x86_64/perl-Mail-SpamAssassin-3.1.8-0.1mdv2007.0.x86_64.rpm
b75394411af4c61a6e273ae0bfdd0cdb
2007.0/x86_64/spamassassin-3.1.8-0.1mdv2007.0.x86_64.rpm
841dbbe7e13527bbed478c4ee1673824
2007.0/x86_64/spamassassin-spamc-3.1.8-0.1mdv2007.0.x86_64.rpm
b0033170128717b308172d1be62d2fea
2007.0/x86_64/spamassassin-spamd-3.1.8-0.1mdv2007.0.x86_64.rpm
8cda04c353a295fe889b0373dd70c657
2007.0/x86_64/spamassassin-tools-3.1.8-0.1mdv2007.0.x86_64.rpm
ad0a0132bf2cea709038ae72af5ad72b
2007.0/SRPMS/spamassassin-3.1.8-0.1mdv2007.0.src.rpm
Corporate 4.0:
1cacb51bf040c259c069fa608e0e2c49
corporate/4.0/i586/perl-Mail-SpamAssassin-3.1.8-0.1.20060mlcs4.i586.rpm
f05942822badb56e42aa93f0b5717a58
corporate/4.0/i586/spamassassin-3.1.8-0.1.20060mlcs4.i586.rpm
8a70c211b6b9f900aeadcb701a82de08
corporate/4.0/i586/spamassassin-spamc-3.1.8-0.1.20060mlcs4.i586.rpm
cf64b92a8f7bf9e10f82e6ae5ff83d94
corporate/4.0/i586/spamassassin-spamd-3.1.8-0.1.20060mlcs4.i586.rpm
f58b265feb70a6129bb747e52d9b968e
corporate/4.0/i586/spamassassin-tools-3.1.8-0.1.20060mlcs4.i586.rpm
663e6ce1d90085aea5840934b742641b
corporate/4.0/SRPMS/spamassassin-3.1.8-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
69f4a1ef34a46eaf071d157dab7a19a1
corporate/4.0/x86_64/perl-Mail-SpamAssassin-3.1.8-0.1.20060mlcs4.x86_64.rpm
f18bd5698dfc5342984b6f2d0d15606f
corporate/4.0/x86_64/spamassassin-3.1.8-0.1.20060mlcs4.x86_64.rpm
87b7259668e39af9187acd29cd59a872
corporate/4.0/x86_64/spamassassin-spamc-3.1.8-0.1.20060mlcs4.x86_64.rpm
533fee6c7f174f9964584864d6da08e7
corporate/4.0/x86_64/spamassassin-spamd-3.1.8-0.1.20060mlcs4.x86_64.rpm
7a0df8727eb4f3024325995b920b47a7
corporate/4.0/x86_64/spamassassin-tools-3.1.8-0.1.20060mlcs4.x86_64.rpm
663e6ce1d90085aea5840934b742641b
corporate/4.0/SRPMS/spamassassin-3.1.8-0.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFF30eemqjQ0CJFipgRAtogAKDGcmYv5ExJQdbQp8BIbj6Nst3cUQCgytlu
z4crGBL8AKM8dTZU0ps/Sy8=
=uiOS
-----END PGP SIGNATURE-----