Advisories ยป MGASA-2018-0425

Updated spamassassin packages fix security vulnerabilities

Publication date: 30 Oct 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2016-1238 , CVE-2017-15705 , CVE-2018-11780 , CVE-2018-11781


Updated spamassassin package fixes security vulnerabilities:

A reliance on "." in @INC in one configuration script (CVE-2016-1238).

A denial of service vulnerability arises with certain unclosed tags in
emails that cause markup to be handled incorrectly leading to scan
timeouts (CVE-2017-15705).

A potential Remote Code Execution bug with the PDFInfo plugin

A local user code injection in the meta rule syntax (CVE-2018-11781).