[PLDSA 24-1] New spamassassin packages fix buffer overflow

Krzysiek Taraszka dzimi at pld.org.pl
Sun Feb 9 13:09:29 CET 2003


--------------------------------------------------------------------------
PLD Security Advisory PLDSA 24-1                        security at pld.org.pl
http://www.pld.org.pl/security/                          PLD Security Team
03 February 2003                        http://www.pld.org.pl/security/faq
--------------------------------------------------------------------------

Package        : prior to spamassassin-2.43-2		
Vulnerability  : buffer overflow
Problem-Type   : remote
PLD-specific   : no

An attacker may be able to execute arbitrary code by sending a specially
crafted e-mail to a system using SpamAssassin's spamc program in BSMTP mode
(-B option).

The above problem has been fixed in version 2.44-1 for the
current stable distribution (ra).

We recommend that you upgrade your spamassassin packages.

wget -c url
        will fetch the file for you
rpm -Uhv file(s)*.rpm
        will upgrade the referenced file.

If you are using the "poldek" package manager, use the lines given below
to upgrade the packages

poldek --update
        will update the internal database
poldek --upgrade 'spamassassin*'
        will install corrected packages

If you are using the "apt" package manager, use the lines given below
to upgrade the packages

apt-get update
        will update the internal database
apt-get upgrade 'spamassassin*'
        will install corrected packages

PLD Linux 1.0 alias ra
----------------------

  Source archives:

ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/spamassassin-2.44-1.src.rpm
       MD5 checksum: 29454e48961229eddaa820a25039c9f0

  I386 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/perl-Mail-SpamAssassin-2.44-1.i386.rpm
       MD5 checksum: 3119af38d3c286aab8d1747ee8e02edb

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/spamassassin-2.44-1.i386.rpm
       MD5 checksum: 0b1233a1b1fd03b9eb05c6b3fb7aae28

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/spamassassin-spamc-2.44-1.i386.rpm
       MD5 checksum: 0b7c8459c6cd35be5d530d4ac3036c21

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/spamassassin-spamd-2.44-1.i386.rpm
       MD5 checksum: c3843e98320766f20ed0b798f2a2c6f9

ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/spamassassin-tools-2.44-1.i386.rpm
       MD5 checksum: 83abe9fded1e3ca5b64607fd52c1d45f


  I586 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/perl-Mail-SpamAssassin-2.44-1.i586.rpm
       MD5 checksum: 9455166ed644df04024c9914f9ef40ca

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/spamassassin-2.44-1.i586.rpm
       MD5 checksum: 6e8d7dd178af7833c3b724424e72b05c

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/spamassassin-spamc-2.44-1.i586.rpm
       MD5 checksum: cadf6cef4f73f2c76c45fff46334950a

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/spamassassin-spamd-2.44-1.i586.rpm
       MD5 checksum: b1dd36063488c1e1be9991527efb9975

ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/spamassassin-tools-2.44-1.i586.rpm
       MD5 checksum: 7fb1bd78b7a0b354f11778180e4db82f


  I686 Architecture components:

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/perl-Mail-SpamAssassin-2.44-1.i686.rpm
       MD5 checksum: 7c0a06fa9952d4b243591573d440d85c

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/spamassassin-2.44-1.i686.rpm
       MD5 checksum: 62bb35a1ede6177f133ff186e3f22c5f

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/spamassassin-spamc-2.44-1.i686.rpm
       MD5 checksum: fd8f7f4cf64699deeffde45a2d6976da

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/spamassassin-spamd-2.44-1.i686.rpm
       MD5 checksum: e31b031be2f6fed169ac93edccceda48

ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/spamassassin-tools-2.44-1.i686.rpm
       MD5 checksum: 0f6478ca13ce7dace4fe8418211df094


  PowerPC Architecture components:


ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/spamassassin-2.44-1.ppc.rpm
       MD5 checksum: 28353f0988eb98acadf6d1051f8467d2

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/spamassassin-spamc-2.44-1.ppc.rpm
       MD5 checksum: f8ba674e6aa26356266152309f778fa4

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/spamassassin-spamd-2.44-1.ppc.rpm
       MD5 checksum: 406b6a39afb4de1f6087cc8b7549f2a5

ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/spamassassin-tools-2.44-1.ppc.rpm
       MD5 checksum: 1e8077bc27b5af0121284e97c7b0b05b
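
Added example, not part of the original advisory: a shell helper that reads the "URL / MD5 checksum:" pairs in the layout used above and checks already-downloaded packages against them before they are passed to rpm. The function names, the mirror.example host and the example package are constructed for illustration; it assumes awk, mktemp and GNU md5sum are installed.

```sh
#!/bin/sh
# Added example (not part of the advisory): check downloaded packages against
# the "URL / MD5 checksum:" pairs of an advisory saved as a text file.

# Read advisory text on stdin; print "<md5>  <file name>" for each package.
advisory_to_md5list() {
    awk '
        NF == 1 && $1 ~ /^(ftp|https?):\/\/.*\.rpm$/ {
            n = split($1, part, "/"); file = part[n]; next
        }
        $1 == "MD5" && $2 == "checksum:" && file != "" {
            sum = tolower($NF)
            # Accept only a well-formed 128-bit hex digest.
            if (length(sum) == 32 && sum ~ /^[0-9a-f]+$/) print sum "  " file
            file = ""
        }'
}

# verify_packages ADVISORY DIR: compare every *.rpm in DIR with the listing.
# Fails on a digest mismatch, on a file the advisory does not list, and when
# DIR holds no packages at all (nothing was actually verified).
verify_packages() {
    advisory=$1; dir=$2; bad=0; seen=0
    for pkg in "$dir"/*.rpm; do
        [ -f "$pkg" ] || continue
        seen=1; name=${pkg##*/}
        want=$(advisory_to_md5list < "$advisory" |
               awk -v f="$name" '$2 == f { print $1; exit }')
        have=$(md5sum < "$pkg" | awk '{ print $1 }')
        if [ -z "$want" ]; then echo "UNLISTED $name"; bad=1
        elif [ "$want" = "$have" ]; then echo "OK       $name"
        else echo "MISMATCH $name"; bad=1
        fi
    done
    [ "$seen" -eq 1 ] && [ "$bad" -eq 0 ]
}

# Constructed demo: a fake package and a one-entry advisory built from it.
demo() {
    tmp=$(mktemp -d) || return 2
    printf 'constructed payload\n' > "$tmp/example-1.0-1.i386.rpm"
    sum=$(md5sum < "$tmp/example-1.0-1.i386.rpm" | awk '{ print $1 }')
    printf 'ftp://mirror.example/i386/example-1.0-1.i386.rpm\n' > "$tmp/adv.txt"
    printf '       MD5 checksum: %s\n' "$sum" >> "$tmp/adv.txt"
    verify_packages "$tmp/adv.txt" "$tmp"; rc=$?
    rm -rf "$tmp"; return "$rc"
}

# Script use: sh verify.sh advisory.txt /path/to/downloaded/rpms
if [ "$#" -eq 2 ]; then verify_packages "$1" "$2"; fi
```

A non-zero exit status means at least one package should not be installed as downloaded.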


--------------------------------------------------------------------------
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.

For i386 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek:         source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get:        rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security


