Updated spamassassin packages fix security vulnerabilities
Publication date: 30 Oct 2018Modification date: 30 Oct 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2016-1238 , CVE-2017-15705 , CVE-2018-11780 , CVE-2018-11781
Description
Updated spamassassin package fixes security vulnerabilities:
A reliance on "." in @INC in one configuration script (CVE-2016-1238).
A denial of service vulnerability arises with certain unclosed tags in
emails that cause markup to be handled incorrectly leading to scan
timeouts (CVE-2017-15705).
A potential Remote Code Execution bug with the PDFInfo plugin
(CVE-2018-11780).
A local user code injection in the meta rule syntax (CVE-2018-11781).
References
- https://bugs.mageia.org/show_bug.cgi?id=23590
- https://www.openwall.com/lists/oss-security/2018/09/16/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1238
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15705
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11780
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11781
SRPMS
6/core
- spamassassin-3.4.2-1.5.mga6
- spamassassin-rules-3.4.2-1.1.mga6