OPENSUSE-SU-2019:1831-1
Vulnerability Summary
Timeline
Description
Security update for spamassassin This update for spamassassin to version 3.4.2 fixes the following issues: Security issues fixed: - CVE-2018-11781: Fixed an issue where a local user could inject code in the meta rule syntax (bsc#1108748). - CVE-2018-11780: Fixed a potential remote code execution vulnerability in the PDFInfo plugin (bsc#1108750). - CVE-2017-15705: Fixed a denial of service through unclosed tags in crafted emails (bsc#1108745). - CVE-2016-1238: Fixed an issue where perl would load modules from the current directory (bsc#1108749). Non-security issues fixed: - Use systemd timers instead of cron (bsc#1115411) - Fixed incompatibility with Net::DNS >= 1.01 (bsc#1107765) - Fixed warning about deprecated regex during sa-update (bsc#1069831) This update was imported from the SUSE:SLE-15:Update update project.
Affected Systems
- opensuse•spamassassin&distro=openSUSE Leap 15.0
< 3.4.2-lp150.6.3.1
References (12)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XWM23J3YFXDJ4Y2P4EH532AXFSDKVM3Q/#XWM23J3YFXDJ4Y2P4EH532AXFSDKVM3Q
- https://bugzilla.suse.com/1069831
- https://bugzilla.suse.com/1107765
- https://bugzilla.suse.com/1108745
- https://bugzilla.suse.com/1108748
- https://bugzilla.suse.com/1108749
- https://bugzilla.suse.com/1108750
- https://bugzilla.suse.com/1115411
- https://www.suse.com/security/cve/CVE-2016-1238
- https://www.suse.com/security/cve/CVE-2017-15705
- https://www.suse.com/security/cve/CVE-2018-11780
- https://www.suse.com/security/cve/CVE-2018-11781