SpamAssassin SECURITY UPDATE

Korsakoff

Verified User
Joined
Aug 14, 2004
Messages
11
Hello,

SpamAssassin contain vulns:

SpamAssassin SpamAssassin 2.40
SpamAssassin SpamAssassin 2.41
SpamAssassin SpamAssassin 2.42
SpamAssassin SpamAssassin 2.43
SpamAssassin SpamAssassin 2.44
SpamAssassin SpamAssassin 2.50
SpamAssassin SpamAssassin 2.55
SpamAssassin SpamAssassin 2.60
SpamAssassin SpamAssassin 2.63

see http://www.securityfocus.com/bid/10957 for more information, you need to update to version 2.64.

Korsakoff
 
DA needs to update its package then...But by reading the scripts, it seems that the standard spamassassin.org package should do.

Also, on a freebsd server, it seems spam.sh is looking in the wrong folder:

WEBFILE=http://files.directadmin.com/services/9.0/Mail-SpamAssassin-${VERSION}.tar.gz

Shouldn't it be looking in the freebsd5.1 folder (even if there is only one source file for all platforms)? Or maybe it would be a good idea to have a general allplatforms folder for those scripts that can be installed anywhere?
 
Last edited:
jep said:
When will the DA package be ready?
I can't see any reason why you would have to use it. The installer does exactly the same thing that you would do if you were to grab the tar.gz from the SA site and install it manually
 
The new release has a number of new features that will be attractive to people combatting spam.

NB: Read the upgrade + install files before upgrading it.
There are a number of significant changes that will affect Bayes and other elements

If you can install it via Cpan it might be easier, as it will resolve any dependencies
 
The version DirectAdmin uses is: SpamAssassin 2.64 (2004-01-11)

How would I go about updating to 3.0?
 
werwin01 said:
The version DirectAdmin uses is: SpamAssassin 2.64 (2004-01-11)

How would I go about updating to 3.0?
Grab the tarball from the SA site and read carefully the INSTALL and UPGRADE docs, as there are a number of significant differences. If you are using Bayes you will need to upgrade the DB format before the upgrade. There are also a number of other Perl modules that it uses that are not installed by default with the 2.6* series.
 
Back
Top