Description: A vulnerability has been reported in SpamAssassin, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the use of an inefficient regular expression in "/SpamAssassin/Message.pm" to parse email headers. This can cause perl to crash when it runs out of stack space and can be exploited via a malicious email that contains a large number of recipients. The vulnerability has been reported in version 3.0.4. Prior versions may also be affected. Solution: Update to version 3.1.0. http://spamassassin.apache.org/downloads.cgi?update=200509141634 Provided and/or discovered by: Irina and Mark Martinec. Original Advisory: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4570
Perl please provide an updated ebuild. AFAIR bumping works fine when you remove references to the STATISTICS sets.
This also fixes bug #72109 for me.
ebuild for SpamAssassin 3.1.0 : http://bugs.gentoo.org/show_bug.cgi?id=106028
Unless spamd crashes I'm not sure this is really a security issue though. Perl please advise.
3.1.0 went into the tree yesterday. (Of course, I'm still cleaning up my rusty ebuild making skills)
Raches please test and mark 3.1.0 stable... Target keywords for 3.1.0 : KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86 mips"
Tested against sample email in spamassassin bugzilla bug. Everything checks out. Stable on SPARC.
I hereby bless you with the alpha keyword. Cheers, Ferdy
Stable on x86
stable on ppc64
Stable on ppc and hppa.
amd64 happy
This one is ready for GLSA decision. Until someone verify that spamd is affected I vote NO.
From http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4570#c21 : I'm not sure if it's possible to actually use this to cause a practical DoS, btw. it would be possible to get a message passed as nonspam (through scanner failure), but the scanner should recover the dead child process immediately for later scans; spamd is resilient in the face of the Mail::SpamAssassin classes blowing up. So I vote NO too, and closing.
Please see bug #113021 - mail-filter/spamassassin-3.1.0, which seems to have been rushed to stable due to this bug, misses an RDEPEND.
(In reply to comment #15) > Please see bug #113021 - mail-filter/spamassassin-3.1.0, which seems to have > been rushed to stable due to this bug, misses an RDEPEND. Fixed and in portage