SpamAssassin and Vipul's Razor are vulnerable to a Denial of Service attack when handling certain malformed messages.
Package | mail-filter/spamassassin on all architectures |
---|---|
Affected versions | < 3.0.4 |
Unaffected versions | >= 3.0.4 < 3.0.1 |
Package | mail-filter/razor on all architectures |
---|---|
Affected versions | < 2.74 |
Unaffected versions | >= 2.74 |
SpamAssassin is an extensible email filter which is used to identify junk email. Vipul's Razor is a client for a distributed, collaborative spam detection and filtering network.
SpamAssassin and Vipul's Razor contain a Denial of Service vulnerability when handling special misformatted long message headers.
By sending a specially crafted message an attacker could cause a Denial of Service attack against the SpamAssassin/Vipul's Razor server.
There is no known workaround at this time.
All SpamAssassin users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.0.4"
All Vipul's Razor users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-filter/razor-2.74"