SpamAssassin provides a way to reduce unsolicited commercial email (SPAM)
from incoming email.
A denial of service bug has been found in SpamAssassin. An attacker could
construct a message in such a way that would cause SpamAssassin to consume
CPU resources. If a number of these messages were sent it could lead to a
denial of service, potentially preventing the delivery or filtering of
email. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-1266 to this issue.
SpamAssassin version 3.0.4 additionally solves a number of bugs including:
For full details, please refer to the change details of 3.0.2, 3.0.3, and
3.0.4 in SpamAssassin’s online documentation at the following address:
http://wiki.apache.org/spamassassin/NextRelease
Users of SpamAssassin should update to this updated package, containing
version 3.0.4 which is not vulnerable to this issue and resolves these bugs.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 4 | ppc | spamassassin | < 3.0.4-1.el4 | spamassassin-3.0.4-1.el4.ppc.rpm |
RedHat | 4 | src | spamassassin | < 3.0.4-1.el4 | spamassassin-3.0.4-1.el4.src.rpm |
RedHat | 4 | x86_64 | spamassassin | < 3.0.4-1.el4 | spamassassin-3.0.4-1.el4.x86_64.rpm |
RedHat | 4 | s390x | spamassassin | < 3.0.4-1.el4 | spamassassin-3.0.4-1.el4.s390x.rpm |
RedHat | 4 | ia64 | spamassassin | < 3.0.4-1.el4 | spamassassin-3.0.4-1.el4.ia64.rpm |
RedHat | 4 | i386 | spamassassin | < 3.0.4-1.el4 | spamassassin-3.0.4-1.el4.i386.rpm |
RedHat | 4 | s390 | spamassassin | < 3.0.4-1.el4 | spamassassin-3.0.4-1.el4.s390.rpm |