|
Before you write us: nope, this is unlikely to be related to the "spam spam spam" article I wrote earlier.
Spamassassin has 2 new releases out. They fix vulnerabilities that -given specific command line options- opens up spamassassin to remote command execution as the user spamassassin is running as. Solution: upgrade to version 3.06 or 3.1.3 as soon as possible or do not use the vulnerable command line combination (aparently both "--vpopmail" and "-P" (paranoid) need to be turned on) as a workaround. Thanks to fellow handlers Jim and Patrick. If you do take the time to upgrade, I'd suggest to make sure you run it as a user that has hardly any rights and/or chroot it. -- Swa Frantzen - Section 66 |
Swa 760 Posts Jun 6th 2006 |
| Thread locked Subscribe |
Jun 6th 2006 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!
