Debian alert DLA-2037-1 (spamassassin)
| From: | Emilio Pozuelo Monfort <pochu@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 2037-1] spamassassin security update | |
| Date: | Mon, 16 Dec 2019 14:12:53 +0100 | |
| Message-ID: | <be3fda62-f91e-3a3d-b22c-c62b2093f8d3@debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : spamassassin Version : 3.4.2-0+deb8u2 CVE ID : CVE-2018-11805 CVE-2019-12420 Debian Bug : 946652 946653 Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. CVE-2018-11805 Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios. CVE-2019-12420 Specially crafted mulitpart messages can cause spamassassin to use excessive resources, resulting in a denial of service. For Debian 8 "Jessie", these problems have been fixed in version 3.4.2-0+deb8u2. We recommend that you upgrade your spamassassin packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl33gtIACgkQnUbEiOQ2 gwJGYxAA0T39Nu3IyQt2JBIxz2hxUI9RNiCd/r3o91ZALLqr/O6Hv0fqN/1s1rtR T4hNZ+y33te3EJqDQFxBpBHHVQT3EBKpktOOJKbKwqI9mHb3Sr0VWLizZdxfDrrt NO0ULeEyEOLSHosace9pkTn8CBCNsvyTqV28IX9IYKeZW8Z5sR2RrE9JUSpDKH0A dfDBbay0VjU9a+cRfAVH2b/b3ZgysGhzAGWQsctsWwYnZWXk+A87ioWSI1P6Kkc7 OVQWxQuyrQQYJg6r3jqetJknodmsUKyN8VsfA8n3nJw+EAqKt4LJNhohMLTlsR9V oZHn9lDLpfUCef2GQvQpC+0gsqZeMho+B2yDRLxHJa+e0N8/hmTjWfcL4RnJwleJ CtroeR6jy345SJCUaL4K1irhuH/qQeM4kuo5xE4AIWruuco+1xjKC+Vu74FsH0Lc Lflwcjnh1KWxCg9AWyE2AMPCW4LLMGjRhrQh9gXRw76FetzDuR1zmUkucIxZVBmc 3kis7wgNUCcBubRuVab8o83l771hh4qYMTCrzpi06XgJHmMoSuS6x9pCiXQp0OHh HmJYqbpxoJQA2VhZ1K8hRHcspFeq+ghyVpn74RGuU4a8F9OoFpYdUtp/pK9CB6hG q5VrK/aqcefcEDInjENwpbE2Qjs5t5ZMV0J1UBKuzPd2TGXS4ZY= =rs41 -----END PGP SIGNATURE-----