SUSE: 2020:2028-2 Urgent: OpenSSL Vulnerability Patch Released
suse
July 24, 2019
An update that fixes four vulnerabilities is now available
Summary
This update for spamassassin to version 3.4.2 fixes the following issues: Security issues fixed: - CVE-2017-15705: Fixed denial of service via unclosed tags in crafted emails (bsc#1108745). - CVE-2018-11781: Fixed a code injection in the meta rule syntax by local users (bsc#1108748). - CVE-2018-11780: Fixed a potential remote code execution vulnerability in PDFInfo plugin (bsc#1108750). Non-security issues fixed: - Added four new plugins (disabled by default): HashBL, ResourceLimits, FromNameSpoof, Phishing - sa-update script: optional support for SHA-256 / SHA-512 been added for better validation of rules - GeoIP2 support has been added to RelayCountry and URILocalBL plugins - Several new or enhanced configuration options Patch Instructions:
References
#1108745 #1108748 #1108750
Cross- CVE-2016-1238 CVE-2017-15705 CVE-2018-11780
CVE-2018-11781
Affected Products:
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Desktop 12-SP4
https://www.suse.com/security/cve/CVE-2016-1238.html
https://www.suse.com/security/cve/CVE-2017-15705.html
https://www.suse.com/security/cve/CVE-2018-11780.html
https://www.suse.com/security/cve/CVE-2018-11781.html
https://bugzilla.suse.com/1108745
https://bugzilla.suse.com/1108748
https://bugzilla.suse.com/1108750
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2019:1961-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!