You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa spamassassin

Sigurnosni nedostaci programskog paketa spamassassin

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3811-1
November 06, 2018

spamassassin vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in SpamAssassin.

Software Description:
– spamassassin: Perl-based spam filter using text analysis

Details:

It was discovered that SpamAssassin incorrectly handled certain unclosed
tags in emails. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2017-15705)

It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin.
A remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-11780)

It was discovered that SpamAssassin incorrectly handled meta rule syntax. A
local attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-11781)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
spamassassin 3.4.2-0ubuntu0.18.04.1

Ubuntu 16.04 LTS:
spamassassin 3.4.2-0ubuntu0.16.04.1

Ubuntu 14.04 LTS:
spamassassin 3.4.2-0ubuntu0.14.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3811-1
CVE-2017-15705, CVE-2018-11780, CVE-2018-11781

Package Information:
https://launchpad.net/ubuntu/+source/spamassassin/3.4.2-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/spamassassin/3.4.2-0ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/spamassassin/3.4.2-0ubuntu0.14.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlvh06YACgkQZWnYVadE
vpOjCA//VDFyHdd0XmpDBdUE+mgHgzYmkjmluw+KbjfMXuGtVOJ8Hrsa75LLxBpZ
1n7wumtK+n/bD4Csg7JVhTOqANRKjF0VRMBd7uHdhhkm0ruBf+vcyuULpUrriHZ7
J+pyhJ53wGSLoABn7dWkeTa6N5LaMkabPIM9OpkQIrFIn0/9Eqv/nHtk3FLOMhWY
sMhFfr5ZNNpR34SIXLd8Um2oZ8TTn9jNUmGJNYxqp2LyIPXHdE2tlKmjpqw8kxB4
fZDtxpVSO9zNUHu67Mfx+vEf/hdzoqxycyuSqDXahm+Ty4DicaMZsZrn8wVzkzE0
DucBEMJCXIHNXHNOka8rdw6I1CoSYCYRjNpFh5X+g2oVmUBv6XHqwl9lmHDyypzl
/YJQ6Hdu2NFfWwlfjF3ehOpT2AP+H3OEOBpgTW4AlCf1H+Dlr0EXysfViaF1h0CJ
NNVNfKiNhqz5+thT1MRfU25Bj20rLoZ5RpH1KnSEkTyMSPOQeoFtA375FgiZutiF
zucr004V/lYV1Mhx/7h+1QQCKMmOAeed16zJnXcrW3ig+5mmsqYLTujqJbKtsklG
0mGFKJNbm7ygaSRPEunzi5LBphtgENTWEy9EmJG3g40EP1wz4ZLVB8sOy32bXLux
Sqm5wNSyggzbcdrNd85CQMuPwtxRRCwRa/20ZVeY8bwC4b5rVxs=
=lc+4
—–END PGP SIGNATURE—–

AutorJosip Papratovic
Cert idNCERT-REF-2018-11-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libxkbcommon

Otkriveni su sigurnosni nedostaci programske biblioteke libxkbcommon za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja. Savjetuje...

Close