SpamAssassin and Vipul's Razor are vulnerable to a Denial of Service attack when handling certain malformed messages.
|Package||mail-filter/spamassassin on all architectures|
|Affected versions||< 3.0.4|
|Unaffected versions||>= 3.0.4, < 3.0.1|
|Package||mail-filter/razor on all architectures|
|Affected versions||< 2.74|
|Unaffected versions||>= 2.74|
SpamAssassin is an extensible email filter which is used to identify junk email. Vipul's Razor is a client for a distributed, collaborative spam detection and filtering network.
SpamAssassin and Vipul's Razor contain a Denial of Service vulnerability when handling special misformatted long message headers.
By sending a specially crafted message an attacker could cause a Denial of Service attack against the SpamAssassin/Vipul's Razor server.
There is no known workaround at this time.
All SpamAssassin users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.0.4"
All Vipul's Razor users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-filter/razor-2.74"