Does anyone know if this effects the Mail::SpamAssassin perl libraries when used with amavisd-new? Eric Vollmer At 02:25 PM 2/2/2003 +0100, Daniel Ahlberg wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >- - -------------------------------------------------------------------- >GENTOO LINUX SECURITY ANNOUNCEMENT 200302-01 >- - -------------------------------------------------------------------- > >PACKAGE : Mail-SpamAssasin >SUMMARY : arbitrary code execution >DATE : 2003-02-02 13:25 UTC >EXPLOIT : remote > >- - -------------------------------------------------------------------- > >- From advisory: > >"Attacker may be able to execute arbitrary code by sending a specially >crafted e-mail to a system using SpamAssassin's spamc program in BSMTP >mode (-B option). Versions from 2.40 to 2.43 are affected." > >Read the full advisory at >http://marc.theaimsgroup.com/?l=bugtraq&m=104342896818777&w=2 > >SOLUTION > >It is recommended that all Gentoo Linux users who are running >dev-perl/Mail-SpamAssasin to Mail-SpamAssasin-2.44 as follows: > >emerge sync >emerge -u Mail-SpamAssasin >emerge clean > >- - -------------------------------------------------------------------- >alizat_private - GnuPG key is available at www.gentoo.org/~aliz >- - -------------------------------------------------------------------- >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.2.1 (GNU/Linux) > >iD8DBQE+PRxAfT7nyhUpoZMRAjBlAKCIBHUPx/LE/JJg130OosBtzfXNyACfY+/n >hQ1myVlS8MPcIc1BGzoLZzM= >=y8WM >-----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Mon Feb 03 2003 - 10:18:18 PST