Topic: Spamassassin update

[isi]

Hey,

there is an security issue with Spamassassin.

Apache SpamAssassin 3.0.4 was recently released
• , and fixes a denial

of service vulnerability in versions 3.0.1, 3.0.2, and 3.0.3.  The
vulnerability allows certain misformatted long message headers to cause
spam checking to take a very long time.

While the exploit has yet to be seen in the wild, we are concerned that
there may be attempts to abuse the vulnerability in the future.
Therefore, we strongly recommend all users of these versions upgrade to
Apache SpamAssassin 3.0.4 as soon as possible.[/list]

http://marc.theaimsgroup.com/?l=spamassassin-users&m=111886566317295&w=2

How can i upgrade my Spamassassin?.

cu

[raem]

Watch here for the latest to be released
http://sme.swerts-knudsen.com/downloads/SpamFilter/

or get & build it yourself from
http://spamassassin.apache.org/

http://spamassassin.apache.org/downloads.cgi?update=200506061100

[bjoyce]

Hi, I have had issues with my email going off line at times when my CPU usage goes through the roof, my swap file also goes high and my local lan traffice increases at the same time.

The result is slow or no email.

A reset of the box fixes it until the next time.  Is this the sort of thing you would expect from a denial of service attacke.

My Spamassasin is
spamassassin-tools-3.1.0-1
spamassassin-3.1.0-1

I am running SME 6.0.1
[/img]

[raem]

bjoyce

> I am running SME 6.0.1

See this howto for likely answers

http://mirror.contribs.org/smeserver//contribs/rmitchell/smeserver/howto/Mail%20system%20tweaks%20HOWTO%20for%20sme%20server.htm

[alejandro]

Watch here for the latest to be released
http://sme.swerts-knudsen.com/downloads/SpamFilter/

or get & build it yourself from
http://spamassassin.apache.org/

http://spamassassin.apache.org/downloads.cgi?update=200506061100

with sme7 RC3

package spamassassin-3.0.5-3.el4 (which is newer than spamassassin-3.0.4-1) is already installed