Mar 07, 2006 - 12:56 p.m.

(RHSA-2006:0129) spamassassin security update

2006-03-07 12:56:55
access.redhat.com
9

EPSS: 0.306 (Low), percentile 97.0%

SpamAssassin provides a way to reduce unsolicited commercial email (SPAM)
from incoming email.

A denial of service bug was found in SpamAssassin. An attacker could
construct a message in such a way that would cause SpamAssassin to crash.
If a number of these messages are sent, it could lead to a denial of
service, potentially preventing the delivery or filtering of email. The
Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the
name CVE-2005-3351 to this issue.

The following issues have also been fixed in this update:

  • service spamassassin restart sometimes fails
  • Content Boundary "--" throws off message parser
  • sa-learn: massive memory usage on large messages
  • High memory usage with many newlines
  • service spamassassin messages not translated
  • Numerous other bug fixes that improve spam filter accuracy and safety

Users of SpamAssassin should upgrade to this updated package containing
version 3.0.5, which is not vulnerable to these issues.