
Mageia 6: 2018-0425 Moderate: Spamassassin DoS and Code Injection

October 30, 2018
MGASA-2018-0425 - Updated spamassassin packages fix security vulnerabilities

Summary

Updated spamassassin package fixes security vulnerabilities:

- A reliance on "." in @INC in one configuration script (CVE-2016-1238).
- A denial of service vulnerability arising from certain unclosed tags in emails, which cause markup to be handled incorrectly, leading to scan timeouts (CVE-2017-15705).
- A potential remote code execution bug in the PDFInfo plugin (CVE-2018-11780).
- A local user code injection in the meta rule syntax (CVE-2018-11781).

References

- https://bugs.mageia.org/show_bug.cgi?id=23590

- https://www.openwall.com/lists/oss-security/2018/09/16/1

- https://www.cve.org/CVERecord?id=CVE-2016-1238

- https://www.cve.org/CVERecord?id=CVE-2017-15705

- https://www.cve.org/CVERecord?id=CVE-2018-11780

- https://www.cve.org/CVERecord?id=CVE-2018-11781

Resolution

SRPMS

- 6/core/spamassassin-3.4.2-1.5.mga6

Publication date: 30 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0425.html
Type: security
CVE: CVE-2016-1238, CVE-2017-15705, CVE-2018-11780, CVE-2018-11781
