Updated spamassassin packages fix security vulnerabilities
Publication date: 30 Oct 2018
Modification date: 30 Oct 2018
Type: security
Affected Mageia releases: 6
CVE: CVE-2016-1238, CVE-2017-15705, CVE-2018-11780, CVE-2018-11781
Description
Updated spamassassin packages fix the following security vulnerabilities:
- A reliance on "." in @INC in one configuration script (CVE-2016-1238).
- A denial of service vulnerability in which certain unclosed tags in emails cause markup to be handled incorrectly, leading to scan timeouts (CVE-2017-15705).
- A potential remote code execution bug in the PDFInfo plugin (CVE-2018-11780).
- A local user code injection in the meta rule syntax (CVE-2018-11781).
References
- https://bugs.mageia.org/show_bug.cgi?id=23590
- https://www.openwall.com/lists/oss-security/2018/09/16/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1238
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15705
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11780
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11781
SRPMS
6/core
- spamassassin-3.4.2-1.5.mga6
- spamassassin-rules-3.4.2-1.1.mga6