Issued:: 2006-03-07
Updated:: 2006-03-07

RHSA-2006:0129 - Security Advisory

Overview
Updated Packages

Synopsis

spamassassin security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated spamassassin package that fixes a denial of service flaw is now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

SpamAssassin provides a way to reduce unsolicited commercial email (SPAM)
from incoming email.

A denial of service bug was found in SpamAssassin. An attacker could
construct a message in such a way that would cause SpamAssassin to crash.
If a number of these messages are sent, it could lead to a denial of
service, potentially preventing the delivery or filtering of email. The
Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the
name CVE-2005-3351 to this issue.

The following issues have also been fixed in this update:

service spamassassin restart sometimes fails
Content Boundary "--" throws off message parser
sa-learn: massive memory usage on large messages
High memory usage with many newlines
service spamassassin messages not translated
Numerous other bug fixes that improve spam filter accuracy and safety

Users of SpamAssassin should upgrade to this updated package containing
version 3.0.5, which is not vulnerable to these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

(none)

CVEs

CVE-2005-3351

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
spamassassin-3.0.5-3.el4.src.rpm	SHA-256: d53e029c617dd54e8d89048591bd1833217802b10ad5e705dc24631c4abee2f6
x86_64
spamassassin-3.0.5-3.el4.x86_64.rpm	SHA-256: 8aa2568c51e4277fa70caba91d9d2d396d0144b9446d18a56b81c44c29af1ab9
spamassassin-3.0.5-3.el4.x86_64.rpm	SHA-256: 8aa2568c51e4277fa70caba91d9d2d396d0144b9446d18a56b81c44c29af1ab9
ia64
spamassassin-3.0.5-3.el4.ia64.rpm	SHA-256: cfcd4b18a388050e09ed6dd70362996c5ebfae2f6e67e914c5c84706d783d386
spamassassin-3.0.5-3.el4.ia64.rpm	SHA-256: cfcd4b18a388050e09ed6dd70362996c5ebfae2f6e67e914c5c84706d783d386
i386
spamassassin-3.0.5-3.el4.i386.rpm	SHA-256: 73ad250944cc73958196c944767266d34a2f2719445400455dac12ec005f178b
spamassassin-3.0.5-3.el4.i386.rpm	SHA-256: 73ad250944cc73958196c944767266d34a2f2719445400455dac12ec005f178b

Red Hat Enterprise Linux Workstation 4

SRPM
spamassassin-3.0.5-3.el4.src.rpm	SHA-256: d53e029c617dd54e8d89048591bd1833217802b10ad5e705dc24631c4abee2f6
x86_64
spamassassin-3.0.5-3.el4.x86_64.rpm	SHA-256: 8aa2568c51e4277fa70caba91d9d2d396d0144b9446d18a56b81c44c29af1ab9
ia64
spamassassin-3.0.5-3.el4.ia64.rpm	SHA-256: cfcd4b18a388050e09ed6dd70362996c5ebfae2f6e67e914c5c84706d783d386
i386
spamassassin-3.0.5-3.el4.i386.rpm	SHA-256: 73ad250944cc73958196c944767266d34a2f2719445400455dac12ec005f178b

Red Hat Enterprise Linux Desktop 4

SRPM
spamassassin-3.0.5-3.el4.src.rpm	SHA-256: d53e029c617dd54e8d89048591bd1833217802b10ad5e705dc24631c4abee2f6
x86_64
spamassassin-3.0.5-3.el4.x86_64.rpm	SHA-256: 8aa2568c51e4277fa70caba91d9d2d396d0144b9446d18a56b81c44c29af1ab9
i386
spamassassin-3.0.5-3.el4.i386.rpm	SHA-256: 73ad250944cc73958196c944767266d34a2f2719445400455dac12ec005f178b

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
spamassassin-3.0.5-3.el4.src.rpm	SHA-256: d53e029c617dd54e8d89048591bd1833217802b10ad5e705dc24631c4abee2f6
s390x
spamassassin-3.0.5-3.el4.s390x.rpm	SHA-256: 6a33b68fa22f625676b19aef2a890d7890ac9674f90dce1b26772a219bee8d82
s390
spamassassin-3.0.5-3.el4.s390.rpm	SHA-256: 47ef66b713357bc91c5c5849172a3832bba20984bffd8c12e4a5914734720613

Red Hat Enterprise Linux for Power, big endian 4

SRPM
spamassassin-3.0.5-3.el4.src.rpm	SHA-256: d53e029c617dd54e8d89048591bd1833217802b10ad5e705dc24631c4abee2f6
ppc
spamassassin-3.0.5-3.el4.ppc.rpm	SHA-256: e6884d4401f8b16aa0f892a254203f359ddfe58f3996ee2039b9ab19f3459101

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation