SpamAssassin: Denial of Service vulnerability — GLSA 200408-06

SpamAssassin is vulnerable to a Denial of Service attack when handling certain malformed messages.

Affected packages

Package 	mail-filter/spamassassin on all architectures
Affected versions 	<= 2.63-r1
Unaffected versions 	>= 2.64

Background

SpamAssassin is an extensible email filter which is used to identify spam.

Description

SpamAssassin contains an unspecified Denial of Service vulnerability.

Impact

By sending a specially crafted message an attacker could cause a Denial of Service attack against the SpamAssassin service.

Workaround

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of SpamAssassin.

Resolution

All SpamAssassin users should upgrade to the latest version:

 # emerge sync
 
 # emerge -pv ">=mail-filter/spamassassin-2.64"
 # emerge ">=mail-filter/spamassassin-2.64"

References

    SpamAssassin Release Announcement
    CVE-2004-0796