An updated spamassassin package that fixes a denial of service flaw is now
available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
SpamAssassin provides a way to reduce unsolicited commercial email (SPAM)
from incoming email.
A denial of service bug was found in SpamAssassin. An attacker could
construct a message in such a way that would cause SpamAssassin to crash.
If a number of these messages are sent, it could lead to a denial of
service, potentially preventing the delivery or filtering of email. The
Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the
name CVE-2005-3351 to this issue.
The following issues have also been fixed in this update:
* service spamassassin restart sometimes fails
* Content Boundary "--" throws off message parser
* sa-learn: massive memory usage on large messages
* High memory usage with many newlines
* service spamassassin messages not translated
* Numerous other bug fixes that improve spam filter accuracy and safety
Users of SpamAssassin should upgrade to this updated package containing
version 3.0.5, which is not vulnerable to these issues.
| Red Hat Desktop (v. 4) |
|
| SRPMS: |
spamassassin-3.0.5-3.el4.src.rpm
File outdated by: RHEA-2008:0738 |
93b3839225e48238d564fecb6581aeff |
| |
| IA-32: |
spamassassin-3.0.5-3.el4.i386.rpm
File outdated by: RHEA-2008:0738 |
59c978c6a49b57f8b933bb61af93a1d8 |
| |
| x86_64: |
spamassassin-3.0.5-3.el4.x86_64.rpm
File outdated by: RHEA-2008:0738 |
23ac93dad62bcfd36f35423ffdaee2f9 |
| |
| Red Hat Enterprise Linux AS (v. 4) |
|
| SRPMS: |
spamassassin-3.0.5-3.el4.src.rpm
File outdated by: RHEA-2008:0738 |
93b3839225e48238d564fecb6581aeff |
| |
| IA-32: |
spamassassin-3.0.5-3.el4.i386.rpm
File outdated by: RHEA-2008:0738 |
59c978c6a49b57f8b933bb61af93a1d8 |
| |
| IA-64: |
spamassassin-3.0.5-3.el4.ia64.rpm
File outdated by: RHEA-2008:0738 |
fa88d6b5a97ab24352c612e9e0fb6d1d |
| |
| PPC: |
spamassassin-3.0.5-3.el4.ppc.rpm
File outdated by: RHEA-2008:0738 |
f020bd9f603de824787920f9f5c15e09 |
| |
| s390: |
spamassassin-3.0.5-3.el4.s390.rpm
File outdated by: RHEA-2008:0738 |
3265ff358c69dd0bdb74388d81ef19ce |
| |
| s390x: |
spamassassin-3.0.5-3.el4.s390x.rpm
File outdated by: RHEA-2008:0738 |
44c9c099aed9a1739abe9d94cc19a667 |
| |
| x86_64: |
spamassassin-3.0.5-3.el4.x86_64.rpm
File outdated by: RHEA-2008:0738 |
23ac93dad62bcfd36f35423ffdaee2f9 |
| |
| Red Hat Enterprise Linux ES (v. 4) |
|
| SRPMS: |
spamassassin-3.0.5-3.el4.src.rpm
File outdated by: RHEA-2008:0738 |
93b3839225e48238d564fecb6581aeff |
| |
| IA-32: |
spamassassin-3.0.5-3.el4.i386.rpm
File outdated by: RHEA-2008:0738 |
59c978c6a49b57f8b933bb61af93a1d8 |
| |
| IA-64: |
spamassassin-3.0.5-3.el4.ia64.rpm
File outdated by: RHEA-2008:0738 |
fa88d6b5a97ab24352c612e9e0fb6d1d |
| |
| x86_64: |
spamassassin-3.0.5-3.el4.x86_64.rpm
File outdated by: RHEA-2008:0738 |
23ac93dad62bcfd36f35423ffdaee2f9 |
| |
| Red Hat Enterprise Linux WS (v. 4) |
|
| SRPMS: |
spamassassin-3.0.5-3.el4.src.rpm
File outdated by: RHEA-2008:0738 |
93b3839225e48238d564fecb6581aeff |
| |
| IA-32: |
spamassassin-3.0.5-3.el4.i386.rpm
File outdated by: RHEA-2008:0738 |
59c978c6a49b57f8b933bb61af93a1d8 |
| |
| IA-64: |
spamassassin-3.0.5-3.el4.ia64.rpm
File outdated by: RHEA-2008:0738 |
fa88d6b5a97ab24352c612e9e0fb6d1d |
| |
| x86_64: |
spamassassin-3.0.5-3.el4.x86_64.rpm
File outdated by: RHEA-2008:0738 |
23ac93dad62bcfd36f35423ffdaee2f9 |
| |
(The unlinked packages above are only available from the Red Hat Network)
|
spamassassin security update