User: Password:
|
|
Subscribe / Log in / New account

Mandriva alert MDKSA-2005:106 (spamassassin)

From:  Mandriva Security Team <security@mandriva.com>
To:  security-announce@mandrivalinux.org
Subject:  [Security Announce] MDKSA-2005:106 - Updated spamassassin packages fix DoS vulnerabilities
Date:  Tue, 28 Jun 2005 14:26:24 -0600

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Update Advisory _______________________________________________________________________ Package name: spamassassin Advisory ID: MDKSA-2005:106 Date: June 28th, 2005 Affected versions: 10.1, 10.2 ______________________________________________________________________ Problem Description: A Denial of Service bug was discovered in SpamAssassin. An attacker could construct a particular message that would cause SpamAssassin to consume CPU resources. If a large number of these messages were sent, it could lead to a DoS. SpamAssassin 3.0.4 was released to correct this vulnerability, as well as other minor bug fixes, and is provided with this update. For full details on the changes from previous versions of SpamAssassin to this current version, please refer to the online documentation at http://wiki.apache.org/spamassassin/NextRelease. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.1: 70c3144fdfc90df050e058e788724af2 10.1/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.101mdk.i586.rpm a812132eaa7d2f5037b9d813a0ddb2d4 10.1/RPMS/spamassassin-3.0.4-0.1.101mdk.i586.rpm 34ac7694b8a0d4757dc1e9514cb89abe 10.1/RPMS/spamassassin-spamc-3.0.4-0.1.101mdk.i586.rpm 4771bb089113c7fcfe8fc76705c9a1d6 10.1/RPMS/spamassassin-spamd-3.0.4-0.1.101mdk.i586.rpm 3dc5eb25ed5fbaf97126987fa6fef2a0 10.1/RPMS/spamassassin-tools-3.0.4-0.1.101mdk.i586.rpm 5f5e0a9d95abf8a8c914b453a200622f 10.1/SRPMS/spamassassin-3.0.4-0.1.101mdk.src.rpm Mandrakelinux 10.1/X86_64: 907ae240ba0c1383ffac92b6e44bf9b8 x86_64/10.1/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.101mdk.x86_64.rpm e4c381dce8549f1dcc0e193492344633 x86_64/10.1/RPMS/spamassassin-3.0.4-0.1.101mdk.x86_64.rpm e519886d73606721c7d039a781e48bf8 x86_64/10.1/RPMS/spamassassin-spamc-3.0.4-0.1.101mdk.x86_64.rpm cc9047d8bfc0f7dca47a8d20a4acdaba x86_64/10.1/RPMS/spamassassin-spamd-3.0.4-0.1.101mdk.x86_64.rpm 30a1796d9714c2f97fe18543611861ee x86_64/10.1/RPMS/spamassassin-tools-3.0.4-0.1.101mdk.x86_64.rpm 5f5e0a9d95abf8a8c914b453a200622f x86_64/10.1/SRPMS/spamassassin-3.0.4-0.1.101mdk.src.rpm Mandrakelinux 10.2: 968684a2cb5837f7b5c807e7cb84ac27 10.2/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.102mdk.i586.rpm b674284aeb77b560fcabea2e5cb3ea76 10.2/RPMS/spamassassin-3.0.4-0.1.102mdk.i586.rpm 5fe7625fbea7970929efb0d34910d6e8 10.2/RPMS/spamassassin-spamc-3.0.4-0.1.102mdk.i586.rpm ca728cf0e5e798758c0e3c1a89e52996 10.2/RPMS/spamassassin-spamd-3.0.4-0.1.102mdk.i586.rpm 94b9919c9afba79815ddf391f18ae9e7 10.2/RPMS/spamassassin-tools-3.0.4-0.1.102mdk.i586.rpm c0f1a6eda5f0e91c5630e81f2ec4a04c 10.2/SRPMS/spamassassin-3.0.4-0.1.102mdk.src.rpm Mandrakelinux 10.2/X86_64: e58fbab242a1dbfc66b9a038c9ad31ef x86_64/10.2/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.102mdk.x86_64.rpm f52acfcca9d854c597462ef96cd0d60e x86_64/10.2/RPMS/spamassassin-3.0.4-0.1.102mdk.x86_64.rpm 434c6842488b18e288ed44e77ae83e9a x86_64/10.2/RPMS/spamassassin-spamc-3.0.4-0.1.102mdk.x86_64.rpm 3e6d8eecb483210d5a7504da27d7c109 x86_64/10.2/RPMS/spamassassin-spamd-3.0.4-0.1.102mdk.x86_64.rpm 14af3895888adfcffd1ea48feeee38b8 x86_64/10.2/RPMS/spamassassin-tools-3.0.4-0.1.102mdk.x86_64.rpm c0f1a6eda5f0e91c5630e81f2ec4a04c x86_64/10.2/SRPMS/spamassassin-3.0.4-0.1.102mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCwbJwmqjQ0CJFipgRAjI4AJ9oDGjcRP2Z5UUGBpZTH9ldn0iGmgCff8UQ bK9gcCcIrGT00bRCOv1NinQ= =Hdy6 -----END PGP SIGNATURE----- To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________


(Log in to post comments)


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds