Has anyone determined whether this DoS also affects these versions of Spamassassin when running on OpenBSD 3.5 ? If so, is there an applicable patch for that O.S. as well? Thanks! Joel Kinard Global Compliance Services Charlotte, NC + --- Mandrake Linux Security Team <security@xxxxxxxxxxxxxxxxxx> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > _______________________________________________________________________ > > Mandrakelinux Security Update Advisory > _______________________________________________________________________ > > Package name: spamassassin > Advisory ID: MDKSA-2004:084 > Date: August 18th, 2004 > > Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1 > ______________________________________________________________________ > > Problem Description: > > Security fix prevents a denial of service attack open to certain > malformed messages; this DoS affects all SpamAssassin 2.5x and 2.6x > versions to date. > _______________________________________________________________________ > > References: > > http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2 > ______________________________________________________________________ > > Updated Packages: > > Mandrakelinux 10.0: > 5b523cae997b928ef74bcb147bc3dc58 10.0/RPMS/spamassassin-2.63-2.1.100mdk.i586.rpm > 648b4aec9d3839102474a18665eb417a 10.0/RPMS/spamassassin-tools-2.63-2.1.100mdk.i586.rpm > 764a571c8f7d0ba495da185a1c1ad1fd 10.0/RPMS/perl-Mail-SpamAssassin-2.63-2.1.100mdk.i586.rpm > aeec218cb9e05fc9e0a39b6232b3ffb0 10.0/SRPMS/spamassassin-2.63-2.1.100mdk.src.rpm > > Mandrakelinux 10.0/AMD64: > 09df0a5b383eb0d41575a1f529ab5c0a amd64/10.0/RPMS/spamassassin-2.63-2.1.100mdk.amd64.rpm > 55400288a24bee8fc161ff6ee09a43bf amd64/10.0/RPMS/spamassassin-tools-2.63-2.1.100mdk.amd64.rpm > 3e80a6cf3cc98ca8e50f038462542dfc > amd64/10.0/RPMS/perl-Mail-SpamAssassin-2.63-2.1.100mdk.amd64.rpm > aeec218cb9e05fc9e0a39b6232b3ffb0 amd64/10.0/SRPMS/spamassassin-2.63-2.1.100mdk.src.rpm > > Corporate Server 2.1/x86_64: > 308c5c891528d7647a859a0e06c476c4 > x86_64/corporate/2.1/RPMS/spamassassin-2.53-1.1.C21mdk.x86_64.rpm > 9d8fa372922261e3c9a7d972a4ddb4da > x86_64/corporate/2.1/RPMS/spamassassin-tools-2.53-1.1.C21mdk.x86_64.rpm > 324109473351331503ebf0e949a5eacf > x86_64/corporate/2.1/RPMS/perl-Mail-SpamAssassin-2.53-1.1.C21mdk.x86_64.rpm > bb4068503f9f85f1174c312edaa42c50 > x86_64/corporate/2.1/SRPMS/spamassassin-2.53-1.1.C21mdk.src.rpm > > Mandrakelinux 9.1: > 2cae1384e9d5681afaf33bb987666e38 9.1/RPMS/spamassassin-2.44-1.1.91mdk.i586.rpm > f9de623c91ad5fea6a77278fb3c806e2 9.1/RPMS/spamassassin-tools-2.44-1.1.91mdk.i586.rpm > c6e83539afe0d816aa7aa60423ec25f5 9.1/RPMS/perl-Mail-SpamAssassin-2.44-1.1.91mdk.i586.rpm > 816b118e15d228db4073242470a0544c 9.1/SRPMS/spamassassin-2.44-1.1.91mdk.src.rpm > > Mandrakelinux 9.1/PPC: > c8746cb07bb27db5525745d7596dd1bb ppc/9.1/RPMS/spamassassin-2.44-1.1.91mdk.ppc.rpm > 87623c4ec0adff188646c7d07d153c69 ppc/9.1/RPMS/spamassassin-tools-2.44-1.1.91mdk.ppc.rpm > da8537bffa927c435c4fef88fbbee4eb ppc/9.1/RPMS/perl-Mail-SpamAssassin-2.44-1.1.91mdk.ppc.rpm > 816b118e15d228db4073242470a0544c ppc/9.1/SRPMS/spamassassin-2.44-1.1.91mdk.src.rpm > > Mandrakelinux 9.2: > 321c26941160d803263f1f49e9fb0b80 9.2/RPMS/spamassassin-2.55-2.1.92mdk.i586.rpm > 4e81f648eaf1a4cfefa4997fe13eb2c9 9.2/RPMS/spamassassin-tools-2.55-2.1.92mdk.i586.rpm > 4408fec0d9a9a6a84a2d01345a8a3b37 9.2/RPMS/perl-Mail-SpamAssassin-2.55-2.1.92mdk.i586.rpm > 677be35edf38a7363f3714092b12439a 9.2/SRPMS/spamassassin-2.55-2.1.92mdk.src.rpm > > Mandrakelinux 9.2/AMD64: > 61a2929f0ef503d24252b083692356f1 amd64/9.2/RPMS/spamassassin-2.55-2.1.92mdk.amd64.rpm > 2823caa21693d9d430624dd5e15e7c84 amd64/9.2/RPMS/spamassassin-tools-2.55-2.1.92mdk.amd64.rpm > 1e9fa6fc40a39e3a7c55a67b6b9daa81 > amd64/9.2/RPMS/perl-Mail-SpamAssassin-2.55-2.1.92mdk.amd64.rpm > 677be35edf38a7363f3714092b12439a amd64/9.2/SRPMS/spamassassin-2.55-2.1.92mdk.src.rpm > _______________________________________________________________________ > > To upgrade automatically use MandrakeUpdate or urpmi. The verification > of md5 checksums and GPG signatures is performed automatically for you. > > All packages are signed by Mandrakesoft for security. You can obtain > the GPG public key of the Mandrakelinux Security Team by executing: > > gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 > > You can view other update advisories for Mandrakelinux at: > > http://www.mandrakesoft.com/security/advisories > > If you want to report vulnerabilities, please contact > > security_linux-mandrake.com > > Type Bits/KeyID Date User ID > pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team > <security linux-mandrake.com> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.7 (GNU/Linux) > > iD8DBQFBI9gQmqjQ0CJFipgRAtJbAKDHJT659KOaPTO6DaNVcnBdfaYzHQCgrlMN > m5/VpkqzBgS6D+P5/Q8esYg= > =GusY > -----END PGP SIGNATURE----- > _______________________________ Do you Yahoo!? Win 1 of 4,000 free domain names from Yahoo! Enter now. http://promotions.yahoo.com/goldrush
