LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 18th, 2014
Linux Advisory Watch: July 13th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora Core 5 Update: spamassassin-3.1.9-1.fc5.1 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora Local symlink vulnerability. Fedora is not vulnerable in any default or common configurations. Read upstream's announcement for details. http://spamassassin.apache.org/advisories/cve-2007-2873.txt
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-584
2007-06-12
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : spamassassin
Version     : 3.1.9
Release     : 1.fc5.1
Summary     : Spam filter for email which can be invoked from mail delivery agents.
Description :
SpamAssassin provides you with a way to reduce if not completely eliminate
Unsolicited Commercial Email (SPAM) from your incoming email.  It can
be invoked by a MDA such as sendmail or postfix, or can be called from
a procmail script, .forward file, etc.  It uses a genetic-algorithm
evolved scoring system to identify messages which look spammy, then
adds headers to the message so they can be filtered by the user's mail
reading software.  This distribution includes the spamd/spamc components
which create a server that considerably speeds processing of mail.

To enable spamassassin, if you are receiving mail locally, simply add
this line to your ~/.procmailrc:
INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc

To filter spam for all users, add that line to /etc/procmailrc
(creating if necessary).

---------------------------------------------------------------------
Update Information:

Local symlink vulnerability. Fedora is not vulnerable in any
default or common configurations. Read upstream's
announcement for details.

http://spamassassin.apache.org/advisories/cve-2007-2873.txt
---------------------------------------------------------------------
* Tue Jun 12 2007 Warren Togami  3.1.9-1.fc5.1
- with proper deps for FC5
* Mon Jun 11 2007 Warren Togami  3.1.9-1
- 3.1.9 CVE-2007-2873
* Mon Feb 19 2007 Warren Togami  3.1.8-2
- Fix sa-learn regression (#228968)
* Tue Feb 13 2007 Warren Togami  3.1.8-1
- 3.1.8 CVE-2007-0451
* Tue Feb 13 2007 Warren Togami  3.1.7-9
- silence sa-update cron script
* Wed Feb  7 2007 Warren Togami  3.1.7-8
- only restart spamd if necessary after sa-update (#227756)
* Wed Feb  7 2007 Warren Togami  3.1.7-7
- requires gnupg (#227738)
* Sun Jan 28 2007 Warren Togami  3.1.7-6
- explicit requires on perl(HTTP::Date) and perl(LWP::UserAgent) 
  (Bug #193100)
* Mon Jan 22 2007 Warren Togami  3.1.7-5
- fix typo in logrotate.d (#223817)
* Thu Jan 18 2007 Warren Togami  
- Options for RHEL4
    * spamc/spamd cannot connect over IPv6 or SSL
    * sa-update is disabled
  The above functionality requires perl modules not included in RHEL4.
  You may still use them if you get those perl modules from elsewhere.
  RHEL5 ships these perl modules.
* Thu Dec 14 2006 Warren Togami  - 3.1.7-4
- add standardized sa-update cron script, disabled by default
* Thu Dec 14 2006 Warren Togami  - 3.1.7-2
- own directory /var/lib/spamassassin
* Mon Nov 20 2006 Warren Togami  - 3.1.7-1
- 3.1.7 maintenance release
* Wed Aug  2 2006 Warren Togami  - 3.1.4-1
- 3.1.4 maintenance release
* Mon Jul 17 2006 Warren Togami  - 3.1.3-5
- req perl-IO-Socket-SSL for spamc/spamd SSL communication
- req perl-IO-Socket-INET6 for IPv6
* Wed Jul 12 2006 Jesse Keating  - 3.1.3-3.1
- rebuild
* Tue Jun 27 2006 Florian La Roche  - 3.1.3-3
- require diffutils for the post script (cmp is used)
* Wed Jun  7 2006 Warren Togami  - 3.1.3-2
- start spamd before sendmail (#193818)
- require perl-Archive-Tar (#193100)
* Mon Jun  5 2006 Warren Togami  - 3.1.3-1
- CVE-2006-2447
* Fri May 26 2006 Warren Togami  - 3.1.2-1
- 3.1.2 bug fix release
* Tue May  9 2006 Warren Togami  - 3.0.5-4
- Preserve timestamp and context of /etc/sysconfig/spamassassin (#178580)

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

d149196c0c9996e0b3b7269fba0764a26564d049  SRPMS/spamassassin-3.1.9-1.fc5.1.src.rpm
d149196c0c9996e0b3b7269fba0764a26564d049  noarch/spamassassin-3.1.9-1.fc5.1.src.rpm
ed38c2336f1bc1b45dc8a6538aaf8790c86ca91f  ppc/debug/spamassassin-debuginfo-3.1.9-1.fc5.1.ppc.rpm
bed8d94a07da4003157afa92b088d333fb81c8ab  ppc/spamassassin-3.1.9-1.fc5.1.ppc.rpm
e68d895f0a10ba026543052c5befe8f84d49c37f  x86_64/debug/spamassassin-debuginfo-3.1.9-1.fc5.1.x86_64.rpm
25dfab33bd05c9f1f8a1a810e84db97308e09f61  x86_64/spamassassin-3.1.9-1.fc5.1.x86_64.rpm
9c42dbba61e33334f3c2b4d5188dcaec07657bc1  i386/spamassassin-3.1.9-1.fc5.1.i386.rpm
8bc34c7eae33cd6505c1a4ad753d1202eaae2c42  i386/debug/spamassassin-debuginfo-3.1.9-1.fc5.1.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Anti-surveillance advocates want you to run an open, secure WiFi router
Attackers raid SWISS BANKS with DNS and malware bombs
A Convicted Hacker and an Internet Icon Join Forces to Thwart NSA Spying
Black Hat presentation on TOR suddenly cancelled
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.