Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora Core 5 2007-584 Moderate: SpamAssassin Local Symlink Issue

fedora
Calendar Grey June 13, 2007
Dist Fedora Esm H88
Patch for Fedora Core 5 fixing local symlink issue in SpamAssassin; all standard configurations remain intact.
Local symlink vulnerability

Summary

SpamAssassin provides you with a way to reduce if not completely eliminate

Unsolicited Commercial Email (SPAM) from your incoming email. It can

be invoked by a MDA such as sendmail or postfix, or can be called from

a procmail script, .forward file, etc. It uses a genetic-algorithm

evolved scoring system to identify messages which look spammy, then

adds headers to the message so they can be filtered by the user's mail

reading software. This distribution includes the spamd/spamc components

which create a server that considerably speeds processing of mail.

To enable spamassassin, if you are receiving mail locally, simply add

this line to your ~/.procmailrc:

INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc

To filter spam for all users, add that line to /etc/procmailrc

(creating if necessary).

Local symlink vulnerability. Fedora is not vulnerable in any

default or common configurations. Read upstream's

announcement for details.

https://spamassassin.apache.org/404.html

- with proper deps for FC5

* Mon Jun 11 2007 Warren Togami 3.1.9-1

- 3.1.9 CVE-2007-2873

* Mon Feb 19 2007 Warren Togami 3.1.8-2

- Fix sa-learn regression (#228968)

* Tue Feb 13 2007 Warren Togami 3.1.8-1

- 3.1.8 CVE-2007-0451

* Tue Feb 13 2007 Warren Togami 3.1.7-9

- silence sa-update cron script

* Wed Feb 7 2007 Warren Togami 3.1.7-8

- only restart spamd if necessary after sa-update (#227756)

* Wed Feb 7 2007 Warren Togami 3.1.7-7

- requires gnupg (#227738)

* Sun Jan 28 2007 Warren Togami 3.1.7-6

- explicit requires on perl(HTTP::Date) and perl(LWP::UserAgent)

(Bug #193100)

* Mon Jan 22 2007 Warren Togami 3.1.7-5

- fix typo in logrotate.d (#223817)

* Thu Jan 18 2007 Warren Togami

- Options for RHEL4

* spamc/spamd cannot connect over IPv6 or SSL

* sa-update is disabled

The above functionality requires perl modules not included in RHEL4.

You may still use them if you get those perl modules from elsewhere.

RHEL5 ships these perl modules.

* Thu Dec 14 2006 Warren Togami - 3.1.7-4

- add standardized sa-update cron script, disabled by default

* Thu Dec 14 2006 Warren Togami - 3.1.7-2

- own directory /var/lib/spamassassin

* Mon Nov 20 2006 Warren Togami - 3.1.7-1

- 3.1.7 maintenance release

* Wed Aug 2 2006 Warren Togami - 3.1.4-1

- 3.1.4 maintenance release

* Mon Jul 17 2006 Warren Togami - 3.1.3-5

- req perl-IO-Socket-SSL for spamc/spamd SSL communication

- req perl-IO-Socket-INET6 for IPv6

* Wed Jul 12 2006 Jesse Keating - 3.1.3-3.1

- rebuild

* Tue Jun 27 2006 Florian La Roche - 3.1.3-3

- require diffutils for the post script (cmp is used)

* Wed Jun 7 2006 Warren Togami - 3.1.3-2

- start spamd before sendmail (#193818)

- require perl-Archive-Tar (#193100)

* Mon Jun 5 2006 Warren Togami - 3.1.3-1

- CVE-2006-2447

* Fri May 26 2006 Warren Togami - 3.1.2-1

- 3.1.2 bug fix release

* Tue May 9 2006 Warren Togami - 3.0.5-4

- Preserve timestamp and context of /etc/sysconfig/spamassassin (#178580)

d149196c0c9996e0b3b7269fba0764a26564d049 SRPMS/spamassassin-3.1.9-1.fc5.1.src.rpm

d149196c0c9996e0b3b7269fba0764a26564d049 noarch/spamassassin-3.1.9-1.fc5.1.src.rpm

ed38c2336f1bc1b45dc8a6538aaf8790c86ca91f ppc/debug/spamassassin-debuginfo-3.1.9-1.fc5.1.ppc.rpm

bed8d94a07da4003157afa92b088d333fb81c8ab ppc/spamassassin-3.1.9-1.fc5.1.ppc.rpm

e68d895f0a10ba026543052c5befe8f84d49c37f x86_64/debug/spamassassin-debuginfo-3.1.9-1.fc5.1.x86_64.rpm

25dfab33bd05c9f1f8a1a810e84db97308e09f61 x86_64/spamassassin-3.1.9-1.fc5.1.x86_64.rpm

9c42dbba61e33334f3c2b4d5188dcaec07657bc1 i386/spamassassin-3.1.9-1.fc5.1.i386.rpm

8bc34c7eae33cd6505c1a4ad753d1202eaae2c42 i386/debug/spamassassin-debuginfo-3.1.9-1.fc5.1.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update

package-name' at the command line. For more information, refer to 'Managing

Software with yum,' available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory moderate update threat Fedora Core SpamAssassin local symlink

Change Log

References

Update Instructions

Severity
medium
Lowest
Low
Medium
High
Critical

Name: spamassassin
Version: 3.1.9
Release: 1.fc5.1
Summary: Spam filter for email which can be invoked from mail delivery agents.

Topics%20covered

Topics Covered

security advisory moderate update threat Fedora Core SpamAssassin local symlink

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here