CentOS Errata and Security Advisory CESA-2006:0129
SpamAssassin provides a way to reduce unsolicited commercial email (SPAM) from incoming email.
A denial of service bug was found in SpamAssassin. An attacker could construct a message that causes SpamAssassin to crash. Sending a number of these messages could lead to a denial of service, potentially preventing the delivery or filtering of email. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2005-3351 to this issue.
The following issues have also been fixed in this update:
Users of SpamAssassin should upgrade to this updated package containing version 3.0.5, which is not vulnerable to these issues.
Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2006-March/012703.html
http://lists.centos.org/pipermail/centos-announce/2006-March/012707.html
http://lists.centos.org/pipermail/centos-announce/2006-March/012711.html
http://lists.centos.org/pipermail/centos-announce/2006-March/012729.html
http://lists.centos.org/pipermail/centos-announce/2006-March/012736.html
Affected packages: spamassassin
Upstream details at: https://rhn.redhat.com/errata/RHSA-2006-0129.html