what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Linux Security Advisory 736-1

Debian Linux Security Advisory 736-1
Posted Jul 1, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 736-1 - A vulnerability was recently found in the way that SpamAssassin parses certain email headers. This vulnerability could cause SpamAssassin to consume a large number of CPU cycles when processing messages containing these headers, leading to a potential denial of service (DOS) attack.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2005-1266
SHA-256 | f3b700e578e892727fa2bf59c0b378c378962a8ef3b57358fc301295ad1a29c7
Download | Favorite | View

Debian Linux Security Advisory 736-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory 736-1                       security@debian.org
http://www.debian.org/security/                            Michael Stone
July 01, 2005                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : spamassassin
Vulnerability  : mail header parsing error
Problem type   : remote DOS
Debian-specific: no
CVE Id(s)      : CAN-2005-1266
Debian Bug     : 314447

A vulnerability was recently found in the way that SpamAssassin parses
certain email headers. This vulnerability could cause SpamAssassin to
consume a large number of CPU cycles when processing messages containing
these headers, leading to a potential denial of service (DOS) attack. 

The version of SpamAssassin in the old stable distribution (woody) is
not vulnerable.

For the stable distribution (sarge), this problem has been fixed in
version 3.0.3-2. Note that packages are not yet ready for certain
architectures; these will be released as they become available.

For the unstable distribution (sid), this problem has been fixed in
version 3.0.4-1.

We recommend that you upgrade your sarge or sid spamassassin package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian 3.1 (sarge)
- ------------------

  Source archives:

    http://security.debian.org/pool/updates/main/s/spamassassin/spamassassin_3.0.3-2.diff.gz
      Size/MD5 checksum:    44610 b1b383fc4f9dc0792ecd954fa99aaa56
    http://security.debian.org/pool/updates/main/s/spamassassin/spamassassin_3.0.3.orig.tar.gz
      Size/MD5 checksum:   999558 ca96f23cd1eb7d663ab55db98ef8090c
    http://security.debian.org/pool/updates/main/s/spamassassin/spamassassin_3.0.3-2.dsc
      Size/MD5 checksum:      776 4f3092c679992ad322598f4195f4800c

  Architecture independent packages:

    http://security.debian.org/pool/updates/main/s/spamassassin/spamassassin_3.0.3-2_all.deb
      Size/MD5 checksum:   768948 b2d7f49923aa67d8a016e5a3b3545249

  alpha architecture (DEC Alpha)

    http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_alpha.deb
      Size/MD5 checksum:    61552 84fcd819583c747545fda079a074d987

  i386 architecture (Intel ia32)

    http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_i386.deb
      Size/MD5 checksum:    58438 18138ce49c9d249fb5d93487e60481a2

  ia64 architecture (Intel ia64)

    http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_ia64.deb
      Size/MD5 checksum:    65020 65e214d1922317d511e23c32f7e19ff6

  m68k architecture (Motorola Mc680x0)

    http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_m68k.deb
      Size/MD5 checksum:    57536 b13aad3cb78a148e8838ddfdb301dbd5

  mips architecture (MIPS (Big Endian))

    http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_mips.deb
      Size/MD5 checksum:    60228 8578263361ff0e95ed0bddc2493d620e

  mipsel architecture (MIPS (Little Endian))

    http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_mipsel.deb
      Size/MD5 checksum:    60202 2338edb2f9679396005d490232147b7b

  powerpc architecture (PowerPC)

    http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_powerpc.deb
      Size/MD5 checksum:    60578 e547e452fc5e7ed28b04065af1b677a0

  s390 architecture (IBM S/390)

    http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_s390.deb
      Size/MD5 checksum:    59436 32ab8a7fef23ac35912ae51cc22aad29

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_sparc.deb
      Size/MD5 checksum:    58370 8791b8226b25a0bc5381f39257ecd547

- -------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iQCVAwUBQsSl5w0hVr09l8FJAQJckQP+It+rZFa4xKdZUM5f3OWBXEOUdxbsZ3vB
Q/2V/PHyNOP2xXT81M+ZUXk+Tggi4TuBFaxXfg/gHOuYE7vcfBfT/hpxjvgDgTXI
PDUQSpdRjmPMgQq84eUryJzQNwwXv5iVFjeKDrDTDd3qnBja707XZTUuotYGgUp2
KdvwCAkNzrE=
=TN0J
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close