Advisories » MGASA-2018-0425

Updated spamassassin packages fix security vulnerabilities

Publication date: 30 Oct 2018
Modification date: 30 Oct 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2016-1238 , CVE-2017-15705 , CVE-2018-11780 , CVE-2018-11781

Description

Updated spamassassin package fixes security vulnerabilities:

A reliance on "." in @INC in one configuration script (CVE-2016-1238).

A denial of service vulnerability arises with certain unclosed tags in
emails that cause markup to be handled incorrectly leading to scan
timeouts (CVE-2017-15705).

A potential Remote Code Execution bug with the PDFInfo plugin
(CVE-2018-11780).

A local user code injection in the meta rule syntax (CVE-2018-11781).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23590
• https://www.openwall.com/lists/oss-security/2018/09/16/1
• https://www.cve.org/CVERecord?id=CVE-2016-1238
• https://www.cve.org/CVERecord?id=CVE-2017-15705
• https://www.cve.org/CVERecord?id=CVE-2018-11780
• https://www.cve.org/CVERecord?id=CVE-2018-11781

SRPMS

6/core

• spamassassin-3.4.2-1.5.mga6
• spamassassin-rules-3.4.2-1.1.mga6