Linux Security
    Linux Security
    Linux Security

    Debian: New spamassassin packages fix potential DOS

    Date 30 Jun 2005
    Posted By Joe Shakespeare
    Updated package.
    - ------------------------------------------------------------------------
    Debian Security Advisory 736-1                       This email address is being protected from spambots. You need JavaScript enabled to view it.                            Michael Stone
    July 01, 2005               
    - ------------------------------------------------------------------------
    Package        : spamassassin
    Vulnerability  : mail header parsing error
    Problem type   : remote DOS
    Debian-specific: no
    CVE Id(s)      : CAN-2005-1266
    Debian Bug     : 314447
    A vulnerability was recently found in the way that SpamAssassin parses
    certain email headers. This vulnerability could cause SpamAssassin to
    consume a large number of CPU cycles when processing messages containing
    these headers, leading to a potential denial of service (DOS) attack. 
    The version of SpamAssassin in the old stable distribution (woody) is
    not vulnerable.
    For the stable distribution (sarge), this problem has been fixed in
    version 3.0.3-2. Note that packages are not yet ready for certain
    architectures; these will be released as they become available.
    For the unstable distribution (sid), this problem has been fixed in
    version 3.0.4-1.
    We recommend that you upgrade your sarge or sid spamassassin package.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian 3.1 (sarge)
    - ------------------
      Source archives:
          Size/MD5 checksum:    44610 b1b383fc4f9dc0792ecd954fa99aaa56
          Size/MD5 checksum:   999558 ca96f23cd1eb7d663ab55db98ef8090c
          Size/MD5 checksum:      776 4f3092c679992ad322598f4195f4800c
      Architecture independent packages:
          Size/MD5 checksum:   768948 b2d7f49923aa67d8a016e5a3b3545249
      alpha architecture (DEC Alpha)
          Size/MD5 checksum:    61552 84fcd819583c747545fda079a074d987
      i386 architecture (Intel ia32)
          Size/MD5 checksum:    58438 18138ce49c9d249fb5d93487e60481a2
      ia64 architecture (Intel ia64)
          Size/MD5 checksum:    65020 65e214d1922317d511e23c32f7e19ff6
      m68k architecture (Motorola Mc680x0)
          Size/MD5 checksum:    57536 b13aad3cb78a148e8838ddfdb301dbd5
      mips architecture (MIPS (Big Endian))
          Size/MD5 checksum:    60228 8578263361ff0e95ed0bddc2493d620e
      mipsel architecture (MIPS (Little Endian))
          Size/MD5 checksum:    60202 2338edb2f9679396005d490232147b7b
      powerpc architecture (PowerPC)
          Size/MD5 checksum:    60578 e547e452fc5e7ed28b04065af1b677a0
      s390 architecture (IBM S/390)
          Size/MD5 checksum:    59436 32ab8a7fef23ac35912ae51cc22aad29
      sparc architecture (Sun SPARC/UltraSPARC)
          Size/MD5 checksum:    58370 8791b8226b25a0bc5381f39257ecd547
    - -------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.