Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in SpamAssassin (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in SpamAssassin (Aktualisierung)
ID: USN-4899-2
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 ESM
Datum: Mo, 12. April 2021, 23:46
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1946
Applikationen: SpamAssassin
Update von: Ausführen beliebiger Kommandos in SpamAssassin

Originalnachricht


--===============6842223070438337669==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="4Ckj6UjgE2iN1+kY"
Content-Disposition: inline


--4Ckj6UjgE2iN1+kY
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4899-2
April 12, 2021

spamassassin vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

SpamAssassin could be made to run programs if it opened a specially crafted
file.

Software Description:
- spamassassin: Perl-based spam filter using text analysis

Details:

USN-4899-1 fixed a vulnerability in SpamAssassin. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF
files. If a user or automated system were tricked into using a specially-
crafted CF file, a remote attacker could possibly run arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
spamassassin 3.4.2-0ubuntu0.14.04.1+esm3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-4899-2
https://ubuntu.com/security/notices/USN-4899-1
CVE-2020-1946

--4Ckj6UjgE2iN1+kY
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmB0RJYACgkQRbznW4QL
H2ka9Q//acr5EsoQKqGiLOQR+UhPFUVNgBv1JphuBOvl63+ErtF5gruI5dKdLpLn
qnz84a/kbko+ruUKwZXh2bmlvUnZ7koJIqexJe/Ea8c13BbOByU2b/XNVDhdPLqQ
rytCaaSW/creMF+QLzakJszG2cLODoRq20vWuhuYM3JrLHsq47QKghZwAMd8UWVp
LIplRQm3nqRsT9osk7MOPMB+EWSzAPS5+Nl2ZtWI6u1KJkv8hTWKlgFrrIEVsOIN
DY867sliBTIydwLvD1lyADcS07+9X04veKXxHMWo3+NXGMNFZqtx8wYPHs3OGZXu
wyfiAB3T4FnNC4lAH0QtT0U9snhsXc95dAgPkUss6Mz81dlvkOVnte0czV7uw7qC
H4HxVFUXIa9qvaaUlrN+ueo8VHiijSoH0BnoLakd0Jj8jZn4b+XC6Z3zRjODLD6y
OXo55LbFumprYR7rYgdr1c0DBEezhNFSZO52Gdty6KRnLKkGIPzz0uhvEfYo5mVa
smQbGk8XkNm4wiU1WHdKFmHNphEQA9zQk/QB/xyCV3Vr41ILxowpOLKbKRcN6pIL
byItKREzw1LnmWO73Gi3Yu2wmiBIQFJ26n2kEUua7DUnpnDoCe6+jWz5A5o19Bj4
suxBFLiMf7kUBrRIZRb+Nez0nn4YSYOz1Nak50Eble1kfe2Rt5k=
=cHNZ
-----END PGP SIGNATURE-----

--4Ckj6UjgE2iN1+kY--


--===============6842223070438337669==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung