To my knowledge, there are no security issues in version 4.3.1.  I've since 
fixed several bugs that can cause crashes, but nothing I can imagine could be a 
security risk.

There have been recent bugs in OpenSSL and glibc; those libraries should 
definitely be upgraded anyway.  spamdyke loads the libraries dynamically, which 
means they aren't included in the spamdyke binary, so just upgrading them 
should be enough -- the next time spamdyke starts (when the next remote server 
connects) it'll load the new version(s).

If it's any consolation, spamdyke isn't vulnerable to the recent glibc "GHOST" 
bug -- the last version to use the vulnerable gethostbyname() function was 
3.0.1, back in 2007.

-- Sam Clippinger

On Feb 2, 2015, at 3:40 PM, Faris Raouf via spamdyke-users 
<> wrote:

> Dear all,
> Forgive me for asking this question – I’m not a coder.
> I’ve noticed that a few systems I look after use Spamdyke 4.3.1, compiled 
> back in 2012 or 2013.
> Are there any security issues with this version?
> Would any of the various vulnerabilities found in certain ancillary linux 
> packages over the past few years have any impact (i.e. I’m wondering if I 
> should recompile).
> _______________________________________________
> spamdyke-users mailing list

spamdyke-users mailing list

Reply via email to