- Issued:
- 2007-06-13
- Updated:
- 2007-06-13
RHSA-2007:0492 - Security Advisory
Synopsis
Moderate: spamassassin security update
Type/Severity
Security Advisory: Moderate
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated spamassassin packages that fix a security issue are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Description
SpamAssassin provides a way to reduce unsolicited commercial email (spam)
from incoming email.
Martin Krafft discovered a symlink issue in SpamAssassin that affects
certain non-default configurations. A local user could use this flaw to
create or overwrite files writable by the spamd process (CVE-2007-2873).
Users of SpamAssassin should upgrade to these updated packages which
contain a backported patch to correct this issue.
Note: This issue did not affect the version of SpamAssassin shipped with
Red Hat Enterprise Linux 3.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 ia64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux for Power, big endian 4 ppc
- Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 243455 - CVE-2007-2873 spamassassin symlink attack
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server 5
| SRPM | |
|---|---|
| spamassassin-3.1.9-1.el5.src.rpm | SHA-256: b4fa83e810eb86c5e04aed636e3dbc7c11c4fbd437e97c390ede85399a7b6c9e |
| x86_64 | |
| spamassassin-3.1.9-1.el5.x86_64.rpm | SHA-256: 36a7d3c018e56a080133117bd64d87961a2562079e1caf66fd85a2c51fddbff6 |
| ia64 | |
| spamassassin-3.1.9-1.el5.ia64.rpm | SHA-256: 28a7c09ea4d0d6bb5757ab1d5ed17d179c0a570b1b5556285589d9997fc02173 |
| i386 | |
| spamassassin-3.1.9-1.el5.i386.rpm | SHA-256: 8f8604d7726d5b294db5f262cbeb3a74efbfef17437a02b79ca730e313d09928 |
Red Hat Enterprise Linux Server 4
| SRPM | |
|---|---|
| spamassassin-3.1.9-1.el4.src.rpm | SHA-256: 7d0e2ebb04e3a0a9922a4ce561ff93a6d07222520feecd962d96c4eaabcf214d |
| x86_64 | |
| spamassassin-3.1.9-1.el4.x86_64.rpm | SHA-256: 9c105e7685fd3849af7db1fb781fdca4b8bcf860f5692a8295411a3336a1a33b |
| spamassassin-3.1.9-1.el4.x86_64.rpm | SHA-256: 9c105e7685fd3849af7db1fb781fdca4b8bcf860f5692a8295411a3336a1a33b |
| ia64 | |
| spamassassin-3.1.9-1.el4.ia64.rpm | SHA-256: 2319e5fb6ffad0024031ed09211ca01c3c1a29fd2f9db515d19ec3e620fddb2b |
| spamassassin-3.1.9-1.el4.ia64.rpm | SHA-256: 2319e5fb6ffad0024031ed09211ca01c3c1a29fd2f9db515d19ec3e620fddb2b |
| i386 | |
| spamassassin-3.1.9-1.el4.i386.rpm | SHA-256: e3ebb18a13926300162b0036acb0d215fe01ae4e48cb3b7d1e4adda44e99423a |
| spamassassin-3.1.9-1.el4.i386.rpm | SHA-256: e3ebb18a13926300162b0036acb0d215fe01ae4e48cb3b7d1e4adda44e99423a |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5
| SRPM | |
|---|---|
| spamassassin-3.1.9-1.el4.src.rpm | SHA-256: 7d0e2ebb04e3a0a9922a4ce561ff93a6d07222520feecd962d96c4eaabcf214d |
| x86_64 | |
| spamassassin-3.1.9-1.el4.x86_64.rpm | SHA-256: 9c105e7685fd3849af7db1fb781fdca4b8bcf860f5692a8295411a3336a1a33b |
| spamassassin-3.1.9-1.el4.x86_64.rpm | SHA-256: 9c105e7685fd3849af7db1fb781fdca4b8bcf860f5692a8295411a3336a1a33b |
| ia64 | |
| spamassassin-3.1.9-1.el4.ia64.rpm | SHA-256: 2319e5fb6ffad0024031ed09211ca01c3c1a29fd2f9db515d19ec3e620fddb2b |
| spamassassin-3.1.9-1.el4.ia64.rpm | SHA-256: 2319e5fb6ffad0024031ed09211ca01c3c1a29fd2f9db515d19ec3e620fddb2b |
| i386 | |
| spamassassin-3.1.9-1.el4.i386.rpm | SHA-256: e3ebb18a13926300162b0036acb0d215fe01ae4e48cb3b7d1e4adda44e99423a |
| spamassassin-3.1.9-1.el4.i386.rpm | SHA-256: e3ebb18a13926300162b0036acb0d215fe01ae4e48cb3b7d1e4adda44e99423a |
Red Hat Enterprise Linux Workstation 5
| SRPM | |
|---|---|
| spamassassin-3.1.9-1.el5.src.rpm | SHA-256: b4fa83e810eb86c5e04aed636e3dbc7c11c4fbd437e97c390ede85399a7b6c9e |
| x86_64 | |
| spamassassin-3.1.9-1.el5.x86_64.rpm | SHA-256: 36a7d3c018e56a080133117bd64d87961a2562079e1caf66fd85a2c51fddbff6 |
| i386 | |
| spamassassin-3.1.9-1.el5.i386.rpm | SHA-256: 8f8604d7726d5b294db5f262cbeb3a74efbfef17437a02b79ca730e313d09928 |
Red Hat Enterprise Linux Workstation 4
| SRPM | |
|---|---|
| spamassassin-3.1.9-1.el4.src.rpm | SHA-256: 7d0e2ebb04e3a0a9922a4ce561ff93a6d07222520feecd962d96c4eaabcf214d |
| x86_64 | |
| spamassassin-3.1.9-1.el4.x86_64.rpm | SHA-256: 9c105e7685fd3849af7db1fb781fdca4b8bcf860f5692a8295411a3336a1a33b |
| ia64 | |
| spamassassin-3.1.9-1.el4.ia64.rpm | SHA-256: 2319e5fb6ffad0024031ed09211ca01c3c1a29fd2f9db515d19ec3e620fddb2b |
| i386 | |
| spamassassin-3.1.9-1.el4.i386.rpm | SHA-256: e3ebb18a13926300162b0036acb0d215fe01ae4e48cb3b7d1e4adda44e99423a |
Red Hat Enterprise Linux Desktop 5
| SRPM | |
|---|---|
| spamassassin-3.1.9-1.el5.src.rpm | SHA-256: b4fa83e810eb86c5e04aed636e3dbc7c11c4fbd437e97c390ede85399a7b6c9e |
| x86_64 | |
| spamassassin-3.1.9-1.el5.x86_64.rpm | SHA-256: 36a7d3c018e56a080133117bd64d87961a2562079e1caf66fd85a2c51fddbff6 |
| i386 | |
| spamassassin-3.1.9-1.el5.i386.rpm | SHA-256: 8f8604d7726d5b294db5f262cbeb3a74efbfef17437a02b79ca730e313d09928 |
Red Hat Enterprise Linux Desktop 4
| SRPM | |
|---|---|
| spamassassin-3.1.9-1.el4.src.rpm | SHA-256: 7d0e2ebb04e3a0a9922a4ce561ff93a6d07222520feecd962d96c4eaabcf214d |
| x86_64 | |
| spamassassin-3.1.9-1.el4.x86_64.rpm | SHA-256: 9c105e7685fd3849af7db1fb781fdca4b8bcf860f5692a8295411a3336a1a33b |
| i386 | |
| spamassassin-3.1.9-1.el4.i386.rpm | SHA-256: e3ebb18a13926300162b0036acb0d215fe01ae4e48cb3b7d1e4adda44e99423a |
Red Hat Enterprise Linux for IBM z Systems 5
| SRPM | |
|---|---|
| spamassassin-3.1.9-1.el5.src.rpm | SHA-256: b4fa83e810eb86c5e04aed636e3dbc7c11c4fbd437e97c390ede85399a7b6c9e |
| s390x | |
| spamassassin-3.1.9-1.el5.s390x.rpm | SHA-256: 1e6fac029c321cce032de57a365ce4e5858434937faccfc0811eaecbfd064271 |
Red Hat Enterprise Linux for IBM z Systems 4
| SRPM | |
|---|---|
| spamassassin-3.1.9-1.el4.src.rpm | SHA-256: 7d0e2ebb04e3a0a9922a4ce561ff93a6d07222520feecd962d96c4eaabcf214d |
| s390x | |
| spamassassin-3.1.9-1.el4.s390x.rpm | SHA-256: 79770c731d1a8a9f803efe6b15f7ea50a769633091b9c92c9bf5ed83f2701d02 |
| s390 | |
| spamassassin-3.1.9-1.el4.s390.rpm | SHA-256: 06e570263cfe4ffd2f231438500e44c6e17cbfc8d0593b09239c9ede5aba91d2 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5
| SRPM | |
|---|---|
| spamassassin-3.1.9-1.el4.src.rpm | SHA-256: 7d0e2ebb04e3a0a9922a4ce561ff93a6d07222520feecd962d96c4eaabcf214d |
| s390x | |
| spamassassin-3.1.9-1.el4.s390x.rpm | SHA-256: 79770c731d1a8a9f803efe6b15f7ea50a769633091b9c92c9bf5ed83f2701d02 |
| s390 | |
| spamassassin-3.1.9-1.el4.s390.rpm | SHA-256: 06e570263cfe4ffd2f231438500e44c6e17cbfc8d0593b09239c9ede5aba91d2 |
Red Hat Enterprise Linux for Power, big endian 5
| SRPM | |
|---|---|
| spamassassin-3.1.9-1.el5.src.rpm | SHA-256: b4fa83e810eb86c5e04aed636e3dbc7c11c4fbd437e97c390ede85399a7b6c9e |
| ppc | |
| spamassassin-3.1.9-1.el5.ppc.rpm | SHA-256: 918f3d9ef85fd08a62ef0b8fb82a86b0f85b69b2b6d5b6198474badf3d4cf894 |
Red Hat Enterprise Linux for Power, big endian 4
| SRPM | |
|---|---|
| spamassassin-3.1.9-1.el4.src.rpm | SHA-256: 7d0e2ebb04e3a0a9922a4ce561ff93a6d07222520feecd962d96c4eaabcf214d |
| ppc | |
| spamassassin-3.1.9-1.el4.ppc.rpm | SHA-256: 25762ef6a6c94fa54f4b798102988bf413f68fd7e61230d77dddfd1170723765 |
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5
| SRPM | |
|---|---|
| spamassassin-3.1.9-1.el4.src.rpm | SHA-256: 7d0e2ebb04e3a0a9922a4ce561ff93a6d07222520feecd962d96c4eaabcf214d |
| ppc | |
| spamassassin-3.1.9-1.el4.ppc.rpm | SHA-256: 25762ef6a6c94fa54f4b798102988bf413f68fd7e61230d77dddfd1170723765 |
Red Hat Enterprise Linux Server from RHUI 5
| SRPM | |
|---|---|
| spamassassin-3.1.9-1.el5.src.rpm | SHA-256: b4fa83e810eb86c5e04aed636e3dbc7c11c4fbd437e97c390ede85399a7b6c9e |
| x86_64 | |
| spamassassin-3.1.9-1.el5.x86_64.rpm | SHA-256: 36a7d3c018e56a080133117bd64d87961a2562079e1caf66fd85a2c51fddbff6 |
| i386 | |
| spamassassin-3.1.9-1.el5.i386.rpm | SHA-256: 8f8604d7726d5b294db5f262cbeb3a74efbfef17437a02b79ca730e313d09928 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
