Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:498

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.53093

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2005:498

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2005:498.

SpamAssassin provides a way to reduce unsolicited commercial email (SPAM)
from incoming email.

A denial of service bug has been found in SpamAssassin. An attacker could
construct a message in such a way that would cause SpamAssassin to consume
CPU resources. If a number of these messages were sent it could lead to a
denial of service, potentially preventing the delivery or filtering of
email. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-1266 to this issue.

SpamAssassin version 3.0.4 additionally solves a number of bugs including:
- - #156390 Spamassassin consumes too much memory during learning
- - #155423 URI blacklist spam bypass
- - #147464 Users may now disable subject rewriting
- - Smarter default Bayes scores
- - Numerous other bug fixes that improve spam filter accuracy and safety

For full details, please refer to the change details of 3.0.2, 3.0.3, and
3.0.4 in SpamAssassin's online documentation at the following address:
http://wiki.apache.org/spamassassin/NextRelease

Users of SpamAssassin should update to this updated package, containing
version 3.0.4 which is not vulnerable to this issue and resolves these bugs.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-498.html

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-1266
13978
http://www.securityfocus.com/bid/13978
DSA-736
http://www.debian.org/security/2005/dsa-736
GLSA-200506-17
http://security.gentoo.org/glsa/glsa-200506-17.xml
MDKSA-2005:106
http://www.mandriva.com/security/advisories?name=MDKSA-2005:106
RHSA-2005:498
http://www.redhat.com/support/errata/RHSA-2005-498.html
[spamassassin-announce] 20050615 Denial of Service Vulnerability in Apache SpamAssassin 3.0.1-3.0.3
http://mail-archives.apache.org/mod_mbox/spamassassin-announce/200506.mbox/%3c17072.35054.586017.822288%40proton.pathname.com%3e
http://bugs.gentoo.org/show_bug.cgi?id=94722
http://www.vuxml.org/freebsd/cc4ce06b-e01c-11d9-a8bd-000cf18bbe54.html
oval:org.mitre.oval:def:10901
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10901

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.53093
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:498
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:498. SpamAssassin provides a way to reduce unsolicited commercial email (SPAM) from incoming email. A denial of service bug has been found in SpamAssassin. An attacker could construct a message in such a way that would cause SpamAssassin to consume CPU resources. If a number of these messages were sent it could lead to a denial of service, potentially preventing the delivery or filtering of email. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1266 to this issue. SpamAssassin version 3.0.4 additionally solves a number of bugs including: - - #156390 Spamassassin consumes too much memory during learning - - #155423 URI blacklist spam bypass - - #147464 Users may now disable subject rewriting - - Smarter default Bayes scores - - Numerous other bug fixes that improve spam filter accuracy and safety For full details, please refer to the change details of 3.0.2, 3.0.3, and 3.0.4 in SpamAssassin's online documentation at the following address: http://wiki.apache.org/spamassassin/NextRelease Users of SpamAssassin should update to this updated package, containing version 3.0.4 which is not vulnerable to this issue and resolves these bugs. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-498.html Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1266 13978 http://www.securityfocus.com/bid/13978 DSA-736 http://www.debian.org/security/2005/dsa-736 GLSA-200506-17 http://security.gentoo.org/glsa/glsa-200506-17.xml MDKSA-2005:106 http://www.mandriva.com/security/advisories?name=MDKSA-2005:106 RHSA-2005:498 http://www.redhat.com/support/errata/RHSA-2005-498.html [spamassassin-announce] 20050615 Denial of Service Vulnerability in Apache SpamAssassin 3.0.1-3.0.3 http://mail-archives.apache.org/mod_mbox/spamassassin-announce/200506.mbox/%3c17072.35054.586017.822288%40proton.pathname.com%3e http://bugs.gentoo.org/show_bug.cgi?id=94722 http://www.vuxml.org/freebsd/cc4ce06b-e01c-11d9-a8bd-000cf18bbe54.html oval:org.mitre.oval:def:10901 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10901
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com