Bug 228586
| Summary: | CVE-2007-0451 Spamassassin DoS | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 4 | Reporter: | Mark J. Cox <mjc> |
| Component: | spamassassin | Assignee: | Warren Togami <wtogami> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4.0 | CC: | security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | reported=20070213,source=asf,public=20070213 | ||
| Fixed In Version: | RHSA-2007-0074 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-02-21 18:44:52 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Mark J. Cox
2007-02-13 21:29:22 UTC
I presume this flaw affects RHEL3 as well. Is the plan to upgrade to spamassassin 3.1.8, or to backport this fix? It appears we lucked out. RHEL3 is not effected in such a dangerous way. Just a slight delay, and no huge CPU or memory usage. I suspect we need not touch it for this CVE. Will do further verification. Upstream is releasing 3.1.8 today, and I am pushing it to Fedora now. Lifting Embargo An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0074.html |