You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa spamassassin

Sigurnosni nedostaci programskog paketa spamassassin

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4237-1
January 13, 2020

spamassassin vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10
– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in SpamAssassin.

Software Description:
– spamassassin: Perl-based spam filter using text analysis

Details:

It was discovered that SpamAssassin incorrectly handled certain CF files.
If a user or automated system were tricked into using a specially-crafted
CF file, a remote attacker could possibly run arbitrary code.
(CVE-2018-11805)

It was discovered that SpamAssassin incorrectly handled certain messages.
A remote attacker could possibly use this issue to cause SpamAssassin to
consume resources, resulting in a denial of service. (CVE-2019-12420)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
spamassassin 3.4.2-1ubuntu0.19.10.1

Ubuntu 19.04:
spamassassin 3.4.2-1ubuntu0.19.04.1

Ubuntu 18.04 LTS:
spamassassin 3.4.2-0ubuntu0.18.04.2

Ubuntu 16.04 LTS:
spamassassin 3.4.2-0ubuntu0.16.04.2

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4237-1
CVE-2018-11805, CVE-2019-12420

Package Information:
https://launchpad.net/ubuntu/+source/spamassassin/3.4.2-1ubuntu0.19.10.1
https://launchpad.net/ubuntu/+source/spamassassin/3.4.2-1ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/spamassassin/3.4.2-0ubuntu0.18.04.2
https://launchpad.net/ubuntu/+source/spamassassin/3.4.2-0ubuntu0.16.04.2

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl4coz4ACgkQZWnYVadE
vpOO7w//Vs3YVvFaNXSIL/qCTL1dCDHHjfwNdaeK2Z0RmHxF3XHfTVHPCwj5tgOM
5FkvWs5Bxp1KDO4hhPGjcrJ4UoFMuXu63+Xc+1Vbh1cUDZJJGPv/XFvmPIPJ8PJM
2eMwUy5M7LQqef1FnG9zytArDodEk4Yj5bTYXrxbjvuBkmkn/9LCY2kR4gUET3mO
x8VlEqI4qp1VSUUoZuJBz22XWCWHttUyHNJzZicjqbZarf7r6Kgkj1qVulbsPgDm
wHhP8alzBm+HIjQ42aXgBF9cNjIOn8sahlGvEfugwGALGrVRm8laFiHj/n+mn1NB
o95IZ3i0OSiIoBvWoFklUWeA0PfO917SxjcLVdGzq5Qq2Kej/97/uGbdUFA+XP0E
8jWlgwr6nnV7+qhro4hA2q8f87fIFP8+Nr1pXhyoBSYDUTGBOq+mfKawTbztrZGN
Yw6hsNR74xKV6RFpQ9biUAJ7kFBF4jpfuLzZkHsMcQfdSNQDoX65fFn3SwPPEjuq
/0xpshFC3Zr6qyN0DyiQ1IOVG/Urn/w0+awA3HvIUhQMxoN53Ru0F8xFiWn/eJZC
qD+qth1itxPoO8IWA9xrkU4/AwK8W0wITeeq2s1T3WNrbHerH/WWaALNj3ug8D10
xTqhV1AnlF0tDiJJhNL1Zd+j0aFzNJl5kV7MQN/yqO6KYxYURaY=
=CNw3
—–END PGP SIGNATURE—–

AutorToni Vugdelija
Cert idNCERT-REF-2020-01-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libvirt

Otkriven je sigurnosni nedostatak programske biblioteke libvirt za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja, izvršavanje...

Close