Projects / Apache SpamAssassin / Releases / Minor security fixes

RSS All releases tagged Minor security fixes

  •  12 Jun 2007 23:34

Release Notes: A local user symlink-attack DoS vulnerability (CVE-2007-2873) was fixed. It only affects systems where spamd is run as root, is used with vpopmail or virtual users via the "-v"/"--vpopmail" or "--virtual-config-dir" switch, and with the "-x"/"--no-user-config, and without the "-u"/"--username" switch, and with the "-l"/"--allow-tell" switch. This is not default on any distribution package, and is not a common configuration. Other miscellaneous bugs were also fixed.

Release Notes: A security fix prevented a denial of service attack open to certain malformed messages. Several very reliable rules were backported from the 3.0.0 codebase.

Release Notes: This release fixes a few high-priority bugs already fixed in the (as yet unreleased) 2.50, including a buffer overflow if you use "spamc -B". Note that this is not 2.50, which offers Bayesian filtering, etc. These bugs are already fixed in the 2.50 CVS tree, but that is not yet ready for release. This is a stable maintenance release only.


Project Spotlight


A weather logging application.


Project Spotlight

Task Coach

A friendly task manager.