drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in spamassassin
Name: |
Zwei Probleme in spamassassin |
|
ID: |
DSA-4584-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian stretch, Debian buster |
|
Datum: |
Sa, 14. Dezember 2019, 23:35 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11805 |
|
Applikationen: |
SpamAssassin |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4584-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 14, 2019 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : spamassassin CVE ID : CVE-2018-11805 CVE-2019-12420 Debian Bug : 946652 946653
Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis.
CVE-2018-11805
Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios.
CVE-2019-12420
Specially crafted mulitpart messages can cause spamassassin to use excessive resources, resulting in a denial of service.
For the oldstable distribution (stretch), these problems have been fixed in version 3.4.2-1~deb9u2.
For the stable distribution (buster), these problems have been fixed in version 3.4.2-1+deb10u1.
We recommend that you upgrade your spamassassin packages.
For the detailed security status of spamassassin please refer to its security tracker page at: https://security-tracker.debian.org/tracker/spamassassin
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl30/SJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SXcw/+IAVbfMfYo6ziYojovPMWgQsYoyN0m2vdiXiCIOFZZwSv1F4SXkoRAoQG sidPfSpjdSsTVa8btQ7EpRN4nNXlkFtL1k3JiVAcFGfasoTry7RDAhmeIN2hcAaP CckJlNusNebsRA/6EfbGM1Z/vmYInCY+Q0VM02xRubfbfunLXfU9ui5uZu5Gjqnt bgzRQLScVBWMCtbmhiib3p5vNEFiOnqwfBvaNaknvhCH0nQYtFWQDz9wje0uZKmZ cq1jSfehywXcDdeIQ6UQVJUXvxGhkaNOimkW1oHSWCrF6NOG17ip2bG1V7ToWf0r +GCbHt4rVwOqXDxEIOuWUldi+HH61UL4ZiD4jdyf/R1JxhuP59NfiidX2bZFmL6M hWLDtBIMNccyLyp+UhxI/c3mJy1u3YCOc11S4fFXvuc+PFc3vh4WNemb48qz0sWt GmvUicLEiMEEWRAPEwUSgEiOrKVIyQmjHBNS2SI1xBMtrsFcsHL4pubqSBh02GZ9 KFYyJC05vXDT0+xGL2e266rMNAWSWYHA/GCCfRiIy0w3T5W70cjIhj2R3ujkvz3K VSdYd4tImVeLsFfNgiobeE98nCbhZoslMDyJ9p5MBb2V4nnsKasxKJzbhJCsN7aO Bw0t4PXC55XPiOlJeSAj/BmrfvZBbBo1ckmNTqITn3UUNOn8uyE= =1VBK -----END PGP SIGNATURE-----
|
|
|
|