SpamAssassin provides a way to reduce unsolicited commercial email (spam) from incoming email.
Martin Krafft discovered a symlink issue in SpamAssassin that affects certain non-default configurations. A local user could use this flaw to create or overwrite files writable by the spamd process (CVE-2007-2873).
Users of SpamAssassin should upgrade to these updated packages which contain a backported patch to correct this issue.
Note: This issue did not affect the version of SpamAssassin shipped with Red Hat Enterprise Linux 3.