Package : spamassassin
Vulnerability : programming error
Problem type : remote
CVE ID : CVE-2006-2447
A vulnerability has been discovered in SpamAssassin, a Perl-based spam
filter using text analysis, that can allow remote attackers to execute
arbitrary commands. This problem only affects systems where spamd is
reachable via the internet and used with vpopmail virtual users, via
the "-v" / "--vpopmail" switch, and with the "-P" / "--paranoid"
switch, which is not the default setting on Debian.
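
An added example, not part of the Debian advisory: a shell function that checks a spamd option string for the switch combination named above ("-v" / "--vpopmail" together with "-P" / "--paranoid"). The function name, the list of value-taking short options and the sample option lines are assumptions of this example; it does not test whether spamd is reachable from the internet.

```shell
#!/bin/sh
# spamd_affected_flags "<spamd options>"
# Returns 0 when both -v/--vpopmail and -P/--paranoid are present, else 1.
spamd_affected_flags() {
    has_v=0
    has_p=0
    # Intentional word splitting: the argument is a flat option string.
    for tok in $1; do
        case $tok in
            --vpopmail) has_v=1 ;;
            --paranoid) has_p=1 ;;
            --*) ;;   # any other long option
            -?*)
                # Bundled short flags such as -dvP: walk letter by letter.
                rest=${tok#-}
                while [ -n "$rest" ]; do
                    tail=${rest#?}
                    c=${rest%"$tail"}
                    rest=$tail
                    case $c in
                        v) has_v=1 ;;
                        P) has_p=1 ;;
                        # Assumed list of short options that take a value;
                        # text glued after them is the value, not flags.
                        u|p|m|r|s|i|A|C|H|g) break ;;
                    esac
                done ;;
        esac
    done
    [ "$has_v" -eq 1 ] && [ "$has_p" -eq 1 ]
}

# Constructed sample option lines (not taken from any real host).
for opts in "-d -c -m 5 -v -P -u vpopmail" "-d -vP" \
            "-d -v -uvpopmail" "--create-prefs --max-children 5"; do
    if spamd_affected_flags "$opts"; then
        echo "affected switch combination: $opts"
    else
        echo "not the affected combination: $opts"
    fi
done
```

Feed it the options spamd is actually started with on the host, for example the arguments shown in the process list.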
The old stable distribution (woody) is not affected by this problem.
For the stable distribution (sarge) this problem has been fixed in
For the volatile archive for the stable distribution (sarge) this
problem has been fixed in version 3.1.0a-0volatile3.
For the unstable distribution (sid) this problem has been fixed in
We recommend that you upgrade your spamd package.
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
will update the internal database
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge