leak in spamassassin

Hi all,

I've seen that spamassassin has brought out a patch for a
security leak. 
See: http://lwn.net/Articl
es/186444/

To make the leak exploitable, spamd must be run with the
"-v" / "--vpopmail" 
switch, and with the "-P" /
"--paranoid" switch.

Does anyone know if this the default in KOLAB and how can I
check to make sure 
that my installation does not use these?

Many thanks,

Ger

_______________________________________________
Kolab-users mailing list
Kolab-userskolab.org
https:
//kolab.org/mailman/listinfo/kolab-users

On Wednesday, 7. June 2006 10:46, Ger Apeldoorn wrote:
> Hi all,
>
> I've seen that spamassassin has brought out a patch
for a security leak.
> See: http://lwn.net/Articl
es/186444/
>
> To make the leak exploitable, spamd must be run with
the "-v" /
> "--vpopmail" switch, and with the
"-P" / "--paranoid" switch.

Hi,
Further spamd must be reachable from the internet which is
not the default.

> Does anyone know if this the default in KOLAB and how
can I check to make
> sure that my installation does not use these?

I have checked the rc scripts under /kolab/etc/rc.d and
looked how 
spamassassin is started, and I can not find any -v nor -P
switch. So I assume 
that you're not effected.

regards 
Torsten

-- 
Torsten Irländer                                   
Intevation GmbH

torsten.irlaenderintevation.de
http://www.intevation.de/
_______________________________________________
Kolab-users mailing list
Kolab-userskolab.org
https:
//kolab.org/mailman/listinfo/kolab-users