SpamAssassin Release version 3.1.8
Looks like a new version of SpamAssassin (SA) came out yesterday, version 3.1.8.  Take a look at the advisory here.  
This looks like a maintenance AND security release. It patches CVE-2007-0451, a "possible DoS due to incredibly long URIs found in the message content". According to fellow handler Bojan, SA can be made to suck up large amounts of memory and CPU while processing an e-mail message with the appropriate URL in the body. Also note that versions 3.1-3.1.7 are thought to be vulnerable; it is unclear whether earlier versions are also affected. The upcoming 3.2 release will also contain the fix.
Time to patch!
Joel Esler
http://handlers.sans.org/jesler