
OpenPKG alert OpenPKG-SA-2005.015 (spamassassin)

From:  OpenPKG <>
Subject:  [OpenPKG-SA-2005.015] OpenPKG Security Advisory (spamassassin)
Date:  Thu, 28 Jul 2005 13:11:11 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                            The OpenPKG Project
OpenPKG-SA-2005.015                                          28-Jul-2005
________________________________________________________________________

Package:             spamassassin
Vulnerability:       denial of service
OpenPKG Specific:    no

Affected Releases:   Affected Packages:              Corrected Packages:
OpenPKG CURRENT      <= spamassassin-3.0.3-20050603  >= spamassassin-3.0.4-20050725
OpenPKG 2.4          <= spamassassin-3.0.3-2.4.0     >= spamassassin-3.0.3-2.4.1
OpenPKG 2.3          <= spamassassin-3.0.2-2.3.0     >= spamassassin-3.0.2-2.3.1

Dependent Packages:  none

Description:
  A Denial of Service (DoS) vulnerability exists in the Email spam
  filter SpamAssassin [1]. The problem can be exploited by sending
  certain malformed Email headers. The Common Vulnerabilities and
  Exposures (CVE) project assigned the id CAN-2005-1266 [2] to the
  problem.

  Please check whether you are affected by running "<prefix>/bin/openpkg
  rpm -q spamassassin". If you have the "spamassassin" package installed
  and its version is affected (see above), we recommend that you
  immediately upgrade it (see Solution) [3][4].

Solution:
  Select the updated source RPM appropriate for your OpenPKG release
  [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror
  location, verify its integrity [9], build a corresponding binary RPM
  from it [3] and update your OpenPKG installation by applying the
  binary RPM [4]. For the latest release OpenPKG 2.4, perform the
  following operations to permanently fix the security problem (for
  other releases adjust accordingly).

  $ ftp
  ftp> bin
  ftp> cd release/2.4/UPD
  ftp> get spamassassin-3.0.3-2.4.1.src.rpm
  ftp> bye
  $ <prefix>/bin/openpkg rpm -v --checksig spamassassin-3.0.3-2.4.1.src.rpm
  $ <prefix>/bin/openpkg rpm --rebuild spamassassin-3.0.3-2.4.1.src.rpm
  $ su -
  # <prefix>/bin/openpkg rpm -Fvh <prefix>/RPM/PKG/spamassassin-3.0.3-2.4.1.*.rpm
________________________________________________________________________

References:
  [1] [2] [3] [4] [5] [6] [7] [8] [9]
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <>" (ID 63C4CB9F) of the OpenPKG project
which you can retrieve from and hkp:// Follow the instructions on for
details on how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <>

iD8DBQFC6L05gHWT4GPEy58RAijtAJ4ns7MSIFBukgwxsWtcUBc2/gcMIACfTMns
z+Y55JlfpZgS5xNZKmvQt8E=
=4UMi
-----END PGP SIGNATURE-----
______________________________________________________________________
The OpenPKG Project
Project Announcement List
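
The affected-version check the advisory asks for can be scripted. The following is an added example, not part of the OpenPKG advisory: it classifies a string as printed by "<prefix>/bin/openpkg rpm -q spamassassin" against the table above. The function names are hypothetical, the comparison is a simplified dotted-numeric ordering rather than rpm's own algorithm, and versions that fall between the listed bounds are reported as "unlisted".

```shell
#!/bin/sh
# Added example: classify a spamassassin package string against the
# affected/corrected table in OpenPKG-SA-2005.015.
# ver_le and sa_status are hypothetical helper names.

# ver_le A B: succeed when dotted-numeric A sorts at or before B.
ver_le() {
    [ "$1" = "$2" ] && return 0
    first=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n -k5,5n -k6,6n | head -n 1)
    [ "$first" = "$1" ]
}

# sa_status NAME-VERSION-RELEASE: print affected, corrected, unlisted
# or unknown (not a spamassassin package of a release in the advisory).
sa_status() {
    pkg=$1
    rel=${pkg##*-}      # e.g. 2.4.0 or 20050603
    rest=${pkg%-*}
    ver=${rest##*-}     # e.g. 3.0.3
    name=${rest%-*}
    if [ "$name" != spamassassin ]; then echo unknown; return 0; fi
    # Bounds copied from the advisory table, written as version.release.
    case $rel in
        2.4.*) bad=3.0.3.2.4.0 good=3.0.3.2.4.1 ;;
        2.3.*) bad=3.0.2.2.3.0 good=3.0.2.2.3.1 ;;
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9])   # OpenPKG CURRENT (date)
               bad=3.0.3.20050603 good=3.0.4.20050725 ;;
        *) echo unknown; return 0 ;;
    esac
    key=$ver.$rel
    if ver_le "$key" "$bad"; then
        echo affected
    elif ver_le "$good" "$key"; then
        echo corrected
    else
        echo unlisted
    fi
}

# Constructed sample inputs; on a real host pass the rpm -q output instead.
for sample in spamassassin-3.0.3-2.4.0 spamassassin-3.0.3-2.4.1 \
              spamassassin-3.0.3-20050603 spamassassin-3.0.4-20050725; do
    printf '%s: %s\n' "$sample" "$(sa_status "$sample")"
done
```

A result of "unlisted" or "unknown" means the advisory table does not cover that string, so it needs a manual check.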
