- ------------------------------------------------------------------------- Debian Security Advisory DSA-4584-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 14, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : spamassassin CVE ID : CVE-2018-11805 CVE-2019-12420 Debian Bug : 946652 946653 Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. CVE-2018-11805 Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios. CVE-2019-12420 Specially crafted mulitpart messages can cause spamassassin to use excessive resources, resulting in a denial of service. For the oldstable distribution (stretch), these problems have been fixed in version 3.4.2-1~deb9u2. For the stable distribution (buster), these problems have been fixed in version 3.4.2-1+deb10u1. We recommend that you upgrade your spamassassin packages. For the detailed security status of spamassassin please refer to its security tracker page at: https://security-tracker.debian.org/tracker/spamassassin Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected]
Debian: DSA-4584-1: spamassassin security update
December 14, 2019
Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis
Summary
CVE-2018-11805
Malicious rule or configuration files, possibly downloaded from an
updates server, could execute arbitrary commands under multiple
scenarios.
CVE-2019-12420
Specially crafted mulitpart messages can cause spamassassin to use
excessive resources, resulting in a denial of service.
For the oldstable distribution (stretch), these problems have been fixed
in version 3.4.2-1~deb9u2.
For the stable distribution (buster), these problems have been fixed in
version 3.4.2-1+deb10u1.
We recommend that you upgrade your spamassassin packages.
For the detailed security status of spamassassin please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/spamassassin
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
Severity
Two vulnerabilities were discovered in spamassassin, a Perl-based spam
filter using text analysis.
News
HOWTOs
Features
Strengthen Your Linux Endpoint Security & Zero Trust Strategy with Defense-in-Depth & Endpoint Encryption
Call for Contributors with Knowledge of Linux Firewalls!
How To Create a Transparent Proxy through the Tor Network to Protect Your Privacy Online with archtorify & kalitorify
You are Tracked Online - Why? And How To Avoid Being Tracked Online
Prepare Your Business for the Future of Cyberwar: A Review of The Art of Cyberwarfare
About Us
Powered By
