
SpamAssassin 3.2.1 and 3.1.9 released


These new versions fix a local-user symlink-attack denial-of-service vulnerability that is possible only under extremely rare configurations.

SpamAssassin plays an important role in most common Linux mailserver configurations. The DoS vulnerability is, however, not possible on most setups. CVE-2007-2873 states that:

"It only affects systems where spamd is run as root, is used with vpopmail or virtual users via the "-v"/"vpopmail" OR "virtual-config-dir" switch, AND with the "-x"/"no-user-config" AND WITHOUT the "-u"/"username" switch AND with the "-l"/"--allow-tell" switch."
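The quoted conditions can be checked against a running spamd's command line. The following is an added example, not code from the SpamAssassin project or the advisory: the function name `spamd_exposed`, the sample invocations, and the list of short options treated as taking a value are assumptions (verify the latter against your own spamd(1)). spamd spells the long form of `-x` as `--nouser-config`; the advisory's spelling is accepted too.

```shell
#!/bin/sh
# Added example: does a spamd invocation match the CVE-2007-2873 precondition?
# Usage: spamd_exposed RUN_AS_USER [spamd args...]   (returns 0 if it matches)
spamd_exposed() {
    run_as=$1; shift
    virt=0; nouser=0; setuser=0; tell=0
    while [ $# -gt 0 ]; do
        arg=$1; shift
        case $arg in
            --vpopmail|--virtual-config-dir|--virtual-config-dir=*) virt=1 ;;
            --nouser-config|--no-user-config) nouser=1 ;;
            --username|--username=*) setuser=1 ;;
            --allow-tell) tell=1 ;;
            --*) ;;                      # other long options are irrelevant here
            -?*)
                # Walk a bundle of short options such as -dvxl letter by letter.
                cluster=${arg#-}
                while [ -n "$cluster" ]; do
                    rest=${cluster#?}
                    opt=${cluster%"$rest"}
                    cluster=$rest
                    case $opt in
                        v) virt=1 ;;
                        x) nouser=1 ;;
                        l) tell=1 ;;
                        # -u takes a value: the rest of the bundle (or the next
                        # word) is the username, not more flags.
                        u) setuser=1; cluster= ;;
                        # Assumed list of other value-taking short options.
                        C|H|i|p|A|m|r|g|s|D) cluster= ;;
                    esac
                done ;;
        esac
    done
    # All five conditions from the advisory must hold at once.
    [ "$run_as" = root ] && [ "$virt" = 1 ] && [ "$nouser" = 1 ] &&
        [ "$setuser" = 0 ] && [ "$tell" = 1 ]
}

# Constructed sample invocations (not taken from a real host).
for sample in "root -d -c -m5 -vxl" "root -d -vxl -u spamd" "spamd -d -vxl"; do
    # Word splitting of the constructed sample is intentional.
    if spamd_exposed $sample; then echo "MATCHES: $sample"; else echo "ok: $sample"; fi
done
```

Feed it the owning user and argument list of the spamd parent process as reported by `ps`; a match means the host should be upgraded or started with `-u`.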

The new versions became available on 2007-06-11, so packages are now available for most distributions. The new versions also include some other minor fixes, so upgrading may be a good idea regardless of whether your mail server uses the very rare setup described above.

The SpamAssassin homepage is http://spamassassin.apache.org/
