Synopsis:          Moderate: spamassassin security update
Issue date:        2007-06-13
CVE Names:         CVE-2007-2873

Description:

Martin Krafft discovered a symlink issue in SpamAssassin that affects
certain non-default configurations. A local user could use this flaw to
create or overwrite files writable by the spamd process (CVE-2007-2873).

SL 4.x:

   SRPMS:
 	spamassassin-3.1.9-1.el4.src.rpm
   i386:
 	spamassassin-3.1.9-1.el4.i386.rpm
   x86_64:
 	spamassassin-3.1.9-1.el4.x86_64.rpm

SL 5.x:

   SRPMS:
 	spamassassin-3.1.9-1.el5.src.rpm
   i386:
 	spamassassin-3.1.9-1.el5.i386.rpm
   x86_64:
 	spamassassin-3.1.9-1.el5.x86_64.rpm

--Connie Sieh
--Troy Dawson