-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:049 http://www.mandriva.com/security/ _______________________________________________________________________ Package : spamassassin Date : February 23, 2007 Affected: 2007.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A bug in the way that SpamAssassin processes HTML emails containing URIs was discovered in versions 3.1.x. A carefully crafted mail message could make SpamAssassin consume significant amounts of CPU resources that could delay or prevent the delivery of mail if a number of these messages were sent at once. SpamAssassin has been upgraded to version 3.1.8 to correct this problem, and other upstream bugs. In addition, an invalid path setting in local.cf for the auto_whitelist_path has been fixed for Mandriva 2007.0. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0451 http://qa.mandriva.com/show_bug.cgi?id=27424 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: d650293a8726a25c4fd3fac01058f758 2007.0/i586/perl-Mail-SpamAssassin-3.1.8-0.1mdv2007.0.i586.rpm 721c1aeebf3bf0eda9e82f165cebcd7b 2007.0/i586/spamassassin-3.1.8-0.1mdv2007.0.i586.rpm bb191e955876ae1cd3a39a694f5c6259 2007.0/i586/spamassassin-spamc-3.1.8-0.1mdv2007.0.i586.rpm 845c7c94d98f06bdcc2949ea2cf3272b 2007.0/i586/spamassassin-spamd-3.1.8-0.1mdv2007.0.i586.rpm 730d7cb8c61a3c40149ffdabb3a2a039 2007.0/i586/spamassassin-tools-3.1.8-0.1mdv2007.0.i586.rpm ad0a0132bf2cea709038ae72af5ad72b 2007.0/SRPMS/spamassassin-3.1.8-0.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 74e606f97f5d341eaaa7f1fae29af965 2007.0/x86_64/perl-Mail-SpamAssassin-3.1.8-0.1mdv2007.0.x86_64.rpm b75394411af4c61a6e273ae0bfdd0cdb 2007.0/x86_64/spamassassin-3.1.8-0.1mdv2007.0.x86_64.rpm 841dbbe7e13527bbed478c4ee1673824 2007.0/x86_64/spamassassin-spamc-3.1.8-0.1mdv2007.0.x86_64.rpm b0033170128717b308172d1be62d2fea 2007.0/x86_64/spamassassin-spamd-3.1.8-0.1mdv2007.0.x86_64.rpm 8cda04c353a295fe889b0373dd70c657 2007.0/x86_64/spamassassin-tools-3.1.8-0.1mdv2007.0.x86_64.rpm ad0a0132bf2cea709038ae72af5ad72b 2007.0/SRPMS/spamassassin-3.1.8-0.1mdv2007.0.src.rpm Corporate 4.0: 1cacb51bf040c259c069fa608e0e2c49 corporate/4.0/i586/perl-Mail-SpamAssassin-3.1.8-0.1.20060mlcs4.i586.rpm f05942822badb56e42aa93f0b5717a58 corporate/4.0/i586/spamassassin-3.1.8-0.1.20060mlcs4.i586.rpm 8a70c211b6b9f900aeadcb701a82de08 corporate/4.0/i586/spamassassin-spamc-3.1.8-0.1.20060mlcs4.i586.rpm cf64b92a8f7bf9e10f82e6ae5ff83d94 corporate/4.0/i586/spamassassin-spamd-3.1.8-0.1.20060mlcs4.i586.rpm f58b265feb70a6129bb747e52d9b968e corporate/4.0/i586/spamassassin-tools-3.1.8-0.1.20060mlcs4.i586.rpm 663e6ce1d90085aea5840934b742641b corporate/4.0/SRPMS/spamassassin-3.1.8-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 69f4a1ef34a46eaf071d157dab7a19a1 corporate/4.0/x86_64/perl-Mail-SpamAssassin-3.1.8-0.1.20060mlcs4.x86_64.rpm f18bd5698dfc5342984b6f2d0d15606f corporate/4.0/x86_64/spamassassin-3.1.8-0.1.20060mlcs4.x86_64.rpm 87b7259668e39af9187acd29cd59a872 corporate/4.0/x86_64/spamassassin-spamc-3.1.8-0.1.20060mlcs4.x86_64.rpm 533fee6c7f174f9964584864d6da08e7 corporate/4.0/x86_64/spamassassin-spamd-3.1.8-0.1.20060mlcs4.x86_64.rpm 7a0df8727eb4f3024325995b920b47a7 corporate/4.0/x86_64/spamassassin-tools-3.1.8-0.1.20060mlcs4.x86_64.rpm 663e6ce1d90085aea5840934b742641b corporate/4.0/SRPMS/spamassassin-3.1.8-0.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFF30eemqjQ0CJFipgRAtogAKDGcmYv5ExJQdbQp8BIbj6Nst3cUQCgytlu z4crGBL8AKM8dTZU0ps/Sy8= =uiOS -----END PGP SIGNATURE-----
