SpamAssassin: Long URI Denial of Service — GLSA 200703-02

SpamAssassin is vulnerable to a Denial of Service attack.

Affected Packages

mail-filter/spamassassin on all architectures
Affected versions < 3.1.8
Unaffected versions >= 3.1.8

Background

SpamAssassin is an extensible email filter used to identify junk email.

Description

SpamAssassin does not correctly handle very long URIs when scanning emails.

Impact

An attacker could cause SpamAssassin to consume large amounts of CPU and memory resources by sending one or more emails containing very long URIs.

Workaround

There is no known workaround at this time.

Resolution

All SpamAssassin users should upgrade to the latest version.

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.1.8"
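
A check for the affected range stated above, as an added example that is not part of the original advisory: it parses `spamassassin --version` output or a Gentoo package atom and compares the upstream version against 3.1.8. The function names are hypothetical, the sample strings in the comments are constructed, and only the upstream version number is compared, not the Gentoo revision suffix.

```shell
#!/bin/sh
# Added example: is a SpamAssassin version inside the range this GLSA
# marks as affected (< 3.1.8)? Function names are illustrative.
FIXED="3.1.8"

# Pull the dotted version out of `spamassassin --version` output
# ("SpamAssassin version 3.1.7") or a Gentoo package atom
# ("mail-filter/spamassassin-3.1.7-r1"); the -rN revision is ignored.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*[Ss]pam[Aa]ssassin[- ]\(version \)\{0,1\}\([0-9][0-9.]*\).*/\2/p' |
        head -n 1
}

# Return 0 if dotted version $1 is lower than $2. Fields are compared as
# integers, so 3.10.0 is correctly newer than 3.1.8 (a string compare
# would get this wrong).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Return 0 = affected, 1 = not affected, 2 = version not recognised.
is_affected() {
    v=$(extract_version "$1")
    [ -n "$v" ] || return 2
    version_lt "$v" "$FIXED"
}

# Check the local install only when the binary is present.
if command -v spamassassin >/dev/null 2>&1; then
    rc=0
    is_affected "$(spamassassin --version 2>/dev/null)" || rc=$?
    case $rc in
        0) echo "AFFECTED: installed version is below $FIXED" ;;
        1) echo "OK: installed version is $FIXED or later" ;;
        *) echo "UNKNOWN: could not parse spamassassin --version output" ;;
    esac
fi
```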

References

Release Date
March 02, 2007

Latest Revision
March 02, 2007: 01

Severity
normal

Exploitable
remote

Bugzilla entries