Gentoo: Mail-SpamAssasin arbitrary code execution vulnerability
Summary
- -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200302-01 - -------------------------------------------------------------------- DATE : 2003-02-02 13:25 UTC
- --------------------------------------------------------------------
From advisory:
"Attacker may be able to execute arbitrary code by sending a specially crafted e-mail to a system using SpamAssassin's spamc program in BSMTP mode (-B option). Versions from 2.40 to 2.43 are affected."
Read the full advisory at http://marc.theaimsgroup.com/?l=bugtraq&m=104342896818777&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running dev-perl/Mail-SpamAssasin to Mail-SpamAssasin-2.44 as follows:
emerge sync emerge -u Mail-SpamAssasin emerge clean
- -------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at - --------------------------------------------------------------------