|
|
| Problem Description |
A Denial of Service bug was discovered in SpamAssassin. An attacker
could construct a particular message that would cause SpamAssassin to
consume CPU resources. If a large number of these messages were sent,
it could lead to a DoS. SpamAssassin 3.0.4 was released to correct
this vulnerability, as well as other minor bug fixes, and is provided
with this update.
For full details on the changes from previous versions of SpamAssassin
to this current version, please refer to the online documentation at
http://wiki.apache.org/spamassassin/NextRelease.
| Updated Packages |
Mandrakelinux 10.1
70c3144fdfc90df050e058e788724af2 10.1/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.101mdk.i586.rpm a812132eaa7d2f5037b9d813a0ddb2d4 10.1/RPMS/spamassassin-3.0.4-0.1.101mdk.i586.rpm 34ac7694b8a0d4757dc1e9514cb89abe 10.1/RPMS/spamassassin-spamc-3.0.4-0.1.101mdk.i586.rpm 4771bb089113c7fcfe8fc76705c9a1d6 10.1/RPMS/spamassassin-spamd-3.0.4-0.1.101mdk.i586.rpm 3dc5eb25ed5fbaf97126987fa6fef2a0 10.1/RPMS/spamassassin-tools-3.0.4-0.1.101mdk.i586.rpm 5f5e0a9d95abf8a8c914b453a200622f 10.1/SRPMS/spamassassin-3.0.4-0.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64
907ae240ba0c1383ffac92b6e44bf9b8 x86_64/10.1/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.101mdk.x86_64.rpm e4c381dce8549f1dcc0e193492344633 x86_64/10.1/RPMS/spamassassin-3.0.4-0.1.101mdk.x86_64.rpm e519886d73606721c7d039a781e48bf8 x86_64/10.1/RPMS/spamassassin-spamc-3.0.4-0.1.101mdk.x86_64.rpm cc9047d8bfc0f7dca47a8d20a4acdaba x86_64/10.1/RPMS/spamassassin-spamd-3.0.4-0.1.101mdk.x86_64.rpm 30a1796d9714c2f97fe18543611861ee x86_64/10.1/RPMS/spamassassin-tools-3.0.4-0.1.101mdk.x86_64.rpm 5f5e0a9d95abf8a8c914b453a200622f x86_64/10.1/SRPMS/spamassassin-3.0.4-0.1.101mdk.src.rpm
Mandriva Linux LE2005
968684a2cb5837f7b5c807e7cb84ac27 10.2/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.102mdk.i586.rpm b674284aeb77b560fcabea2e5cb3ea76 10.2/RPMS/spamassassin-3.0.4-0.1.102mdk.i586.rpm 5fe7625fbea7970929efb0d34910d6e8 10.2/RPMS/spamassassin-spamc-3.0.4-0.1.102mdk.i586.rpm ca728cf0e5e798758c0e3c1a89e52996 10.2/RPMS/spamassassin-spamd-3.0.4-0.1.102mdk.i586.rpm 94b9919c9afba79815ddf391f18ae9e7 10.2/RPMS/spamassassin-tools-3.0.4-0.1.102mdk.i586.rpm c0f1a6eda5f0e91c5630e81f2ec4a04c 10.2/SRPMS/spamassassin-3.0.4-0.1.102mdk.src.rpm
Mandriva Linux LE2005/X86_64
e58fbab242a1dbfc66b9a038c9ad31ef x86_64/10.2/RPMS/perl-Mail-SpamAssassin-3.0.4-0.1.102mdk.x86_64.rpm f52acfcca9d854c597462ef96cd0d60e x86_64/10.2/RPMS/spamassassin-3.0.4-0.1.102mdk.x86_64.rpm 434c6842488b18e288ed44e77ae83e9a x86_64/10.2/RPMS/spamassassin-spamc-3.0.4-0.1.102mdk.x86_64.rpm 3e6d8eecb483210d5a7504da27d7c109 x86_64/10.2/RPMS/spamassassin-spamd-3.0.4-0.1.102mdk.x86_64.rpm 14af3895888adfcffd1ea48feeee38b8 x86_64/10.2/RPMS/spamassassin-tools-3.0.4-0.1.102mdk.x86_64.rpm c0f1a6eda5f0e91c5630e81f2ec4a04c x86_64/10.2/SRPMS/spamassassin-3.0.4-0.1.102mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1266
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.