<<< Date Index >>>     <<< Thread Index >>>

[ MDKSA-2007:049 ] - Updated spamassassin packages fix DoS vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:049
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : spamassassin
 Date    : February 23, 2007
 Affected: 2007.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A bug in the way that SpamAssassin processes HTML emails containing
 URIs was discovered in versions 3.1.x.  A carefully crafted mail
 message could make SpamAssassin consume significant amounts of CPU
 resources that could delay or prevent the delivery of mail if a
 number of these messages were sent at once.
 
 SpamAssassin has been upgraded to version 3.1.8 to correct this
 problem, and other upstream bugs.  In addition, an invalid path setting
 in local.cf for the auto_whitelist_path has been fixed for Mandriva
 2007.0.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0451
 http://qa.mandriva.com/show_bug.cgi?id=27424
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 d650293a8726a25c4fd3fac01058f758  
2007.0/i586/perl-Mail-SpamAssassin-3.1.8-0.1mdv2007.0.i586.rpm
 721c1aeebf3bf0eda9e82f165cebcd7b  
2007.0/i586/spamassassin-3.1.8-0.1mdv2007.0.i586.rpm
 bb191e955876ae1cd3a39a694f5c6259  
2007.0/i586/spamassassin-spamc-3.1.8-0.1mdv2007.0.i586.rpm
 845c7c94d98f06bdcc2949ea2cf3272b  
2007.0/i586/spamassassin-spamd-3.1.8-0.1mdv2007.0.i586.rpm
 730d7cb8c61a3c40149ffdabb3a2a039  
2007.0/i586/spamassassin-tools-3.1.8-0.1mdv2007.0.i586.rpm 
 ad0a0132bf2cea709038ae72af5ad72b  
2007.0/SRPMS/spamassassin-3.1.8-0.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 74e606f97f5d341eaaa7f1fae29af965  
2007.0/x86_64/perl-Mail-SpamAssassin-3.1.8-0.1mdv2007.0.x86_64.rpm
 b75394411af4c61a6e273ae0bfdd0cdb  
2007.0/x86_64/spamassassin-3.1.8-0.1mdv2007.0.x86_64.rpm
 841dbbe7e13527bbed478c4ee1673824  
2007.0/x86_64/spamassassin-spamc-3.1.8-0.1mdv2007.0.x86_64.rpm
 b0033170128717b308172d1be62d2fea  
2007.0/x86_64/spamassassin-spamd-3.1.8-0.1mdv2007.0.x86_64.rpm
 8cda04c353a295fe889b0373dd70c657  
2007.0/x86_64/spamassassin-tools-3.1.8-0.1mdv2007.0.x86_64.rpm 
 ad0a0132bf2cea709038ae72af5ad72b  
2007.0/SRPMS/spamassassin-3.1.8-0.1mdv2007.0.src.rpm

 Corporate 4.0:
 1cacb51bf040c259c069fa608e0e2c49  
corporate/4.0/i586/perl-Mail-SpamAssassin-3.1.8-0.1.20060mlcs4.i586.rpm
 f05942822badb56e42aa93f0b5717a58  
corporate/4.0/i586/spamassassin-3.1.8-0.1.20060mlcs4.i586.rpm
 8a70c211b6b9f900aeadcb701a82de08  
corporate/4.0/i586/spamassassin-spamc-3.1.8-0.1.20060mlcs4.i586.rpm
 cf64b92a8f7bf9e10f82e6ae5ff83d94  
corporate/4.0/i586/spamassassin-spamd-3.1.8-0.1.20060mlcs4.i586.rpm
 f58b265feb70a6129bb747e52d9b968e  
corporate/4.0/i586/spamassassin-tools-3.1.8-0.1.20060mlcs4.i586.rpm 
 663e6ce1d90085aea5840934b742641b  
corporate/4.0/SRPMS/spamassassin-3.1.8-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 69f4a1ef34a46eaf071d157dab7a19a1  
corporate/4.0/x86_64/perl-Mail-SpamAssassin-3.1.8-0.1.20060mlcs4.x86_64.rpm
 f18bd5698dfc5342984b6f2d0d15606f  
corporate/4.0/x86_64/spamassassin-3.1.8-0.1.20060mlcs4.x86_64.rpm
 87b7259668e39af9187acd29cd59a872  
corporate/4.0/x86_64/spamassassin-spamc-3.1.8-0.1.20060mlcs4.x86_64.rpm
 533fee6c7f174f9964584864d6da08e7  
corporate/4.0/x86_64/spamassassin-spamd-3.1.8-0.1.20060mlcs4.x86_64.rpm
 7a0df8727eb4f3024325995b920b47a7  
corporate/4.0/x86_64/spamassassin-tools-3.1.8-0.1.20060mlcs4.x86_64.rpm 
 663e6ce1d90085aea5840934b742641b  
corporate/4.0/SRPMS/spamassassin-3.1.8-0.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF30eemqjQ0CJFipgRAtogAKDGcmYv5ExJQdbQp8BIbj6Nst3cUQCgytlu
z4crGBL8AKM8dTZU0ps/Sy8=
=uiOS
-----END PGP SIGNATURE-----