Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:498

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.53093

Kategorie: Red Hat Local Security Checks

Titel: RedHat Security Advisory RHSA-2005:498

Zusammenfassung: NOSUMMARY

Beschreibung: Description:

The remote host is missing updates announced in
advisory RHSA-2005:498.

SpamAssassin provides a way to reduce unsolicited commercial email (SPAM)
from incoming email.

A denial of service bug has been found in SpamAssassin. An attacker could
construct a message in such a way that would cause SpamAssassin to consume
CPU resources. If a number of these messages were sent it could lead to a
denial of service, potentially preventing the delivery or filtering of
email. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-1266 to this issue.

SpamAssassin version 3.0.4 additionally solves a number of bugs including:
- - #156390 Spamassassin consumes too much memory during learning
- - #155423 URI blacklist spam bypass
- - #147464 Users may now disable subject rewriting
- - Smarter default Bayes scores
- - Numerous other bug fixes that improve spam filter accuracy and safety

For full details, please refer to the change details of 3.0.2, 3.0.3, and
3.0.4 in SpamAssassin's online documentation at the following address:
http://wiki.apache.org/spamassassin/NextRelease

Users of SpamAssassin should update to this updated package, containing
version 3.0.4 which is not vulnerable to this issue and resolves these bugs.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-498.html

Risk factor : Medium

CVSS Score:
5.0

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2005-1266
13978
http://www.securityfocus.com/bid/13978
DSA-736
http://www.debian.org/security/2005/dsa-736
GLSA-200506-17
http://security.gentoo.org/glsa/glsa-200506-17.xml
MDKSA-2005:106
http://www.mandriva.com/security/advisories?name=MDKSA-2005:106
RHSA-2005:498
http://www.redhat.com/support/errata/RHSA-2005-498.html
[spamassassin-announce] 20050615 Denial of Service Vulnerability in Apache SpamAssassin 3.0.1-3.0.3
http://mail-archives.apache.org/mod_mbox/spamassassin-announce/200506.mbox/%3c17072.35054.586017.822288%40proton.pathname.com%3e
http://bugs.gentoo.org/show_bug.cgi?id=94722
http://www.vuxml.org/freebsd/cc4ce06b-e01c-11d9-a8bd-000cf18bbe54.html
oval:org.mitre.oval:def:10901
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10901

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.53093
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Security Advisory RHSA-2005:498
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory RHSA-2005:498. SpamAssassin provides a way to reduce unsolicited commercial email (SPAM) from incoming email. A denial of service bug has been found in SpamAssassin. An attacker could construct a message in such a way that would cause SpamAssassin to consume CPU resources. If a number of these messages were sent it could lead to a denial of service, potentially preventing the delivery or filtering of email. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1266 to this issue. SpamAssassin version 3.0.4 additionally solves a number of bugs including: - - #156390 Spamassassin consumes too much memory during learning - - #155423 URI blacklist spam bypass - - #147464 Users may now disable subject rewriting - - Smarter default Bayes scores - - Numerous other bug fixes that improve spam filter accuracy and safety For full details, please refer to the change details of 3.0.2, 3.0.3, and 3.0.4 in SpamAssassin's online documentation at the following address: http://wiki.apache.org/spamassassin/NextRelease Users of SpamAssassin should update to this updated package, containing version 3.0.4 which is not vulnerable to this issue and resolves these bugs. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-498.html Risk factor : Medium CVSS Score: 5.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1266 13978 http://www.securityfocus.com/bid/13978 DSA-736 http://www.debian.org/security/2005/dsa-736 GLSA-200506-17 http://security.gentoo.org/glsa/glsa-200506-17.xml MDKSA-2005:106 http://www.mandriva.com/security/advisories?name=MDKSA-2005:106 RHSA-2005:498 http://www.redhat.com/support/errata/RHSA-2005-498.html [spamassassin-announce] 20050615 Denial of Service Vulnerability in Apache SpamAssassin 3.0.1-3.0.3 http://mail-archives.apache.org/mod_mbox/spamassassin-announce/200506.mbox/%3c17072.35054.586017.822288%40proton.pathname.com%3e http://bugs.gentoo.org/show_bug.cgi?id=94722 http://www.vuxml.org/freebsd/cc4ce06b-e01c-11d9-a8bd-000cf18bbe54.html oval:org.mitre.oval:def:10901 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10901
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com