Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 635
Alerts This Week
Warning Icon 1 635

Ubuntu: USN-3811-1 Critical: SpamAssassin Remote Code Execution Issues

ubuntu
Calendar Grey November 6, 2018
Dist Ubuntu Esm H88
Numerous security weaknesses in SpamAssassin were mitigated in Ubuntu's security announcement USN-3811-1 dated November 6, 2018.
Several security issues were fixed in SpamAssassin.

Summary

Several security issues were fixed in SpamAssassin.

Software Description:

- spamassassin: Perl-based spam filter using text analysis

Details:

It was discovered that SpamAssassin incorrectly handled certain unclosed

tags in emails. A remote attacker could possibly use this issue to cause a

denial of service. (CVE-2017-15705)

It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin.

A remote attacker could possibly use this issue to execute arbitrary code.

(CVE-2018-11780)

It was discovered that SpamAssassin incorrectly handled meta rule syntax. A

local attacker could possibly use this issue to execute arbitrary code.

(CVE-2018-11781)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  spamassassin                    3.4.2-0ubuntu0.18.04.1

Ubuntu 16.04 LTS:
  spamassassin                    3.4.2-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  spamassassin                    3.4.2-0ubuntu0.14.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References

https://ubuntu.com/security/notices/USN-3811-1

CVE-2017-15705, CVE-2018-11780, CVE-2018-11781

Severity
critical
Lowest
Low
Medium
High
Critical

November 06, 2018

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.