Описание
Security update for spamassassin
This update for spamassassin fixes the following issues:
- spamassassin was updated to version 3.4.5
- CVE-2019-12420: memory leak via crafted messages (bsc#1159133)
- CVE-2020-1946: security update (bsc#1184221)
Список пакетов
HPE Helion OpenStack 8
perl-Mail-SpamAssassin-3.4.5-44.13.1
spamassassin-3.4.5-44.13.1
SUSE Linux Enterprise Server 12 SP2-BCL
perl-Mail-SpamAssassin-3.4.5-44.13.1
spamassassin-3.4.5-44.13.1
SUSE Linux Enterprise Server 12 SP3-BCL
perl-Mail-SpamAssassin-3.4.5-44.13.1
spamassassin-3.4.5-44.13.1
SUSE Linux Enterprise Server 12 SP3-LTSS
perl-Mail-SpamAssassin-3.4.5-44.13.1
spamassassin-3.4.5-44.13.1
SUSE Linux Enterprise Server 12 SP4-LTSS
perl-Mail-SpamAssassin-3.4.5-44.13.1
spamassassin-3.4.5-44.13.1
SUSE Linux Enterprise Server 12 SP5
perl-Mail-SpamAssassin-3.4.5-44.13.1
spamassassin-3.4.5-44.13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
perl-Mail-SpamAssassin-3.4.5-44.13.1
spamassassin-3.4.5-44.13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
perl-Mail-SpamAssassin-3.4.5-44.13.1
spamassassin-3.4.5-44.13.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
perl-Mail-SpamAssassin-3.4.5-44.13.1
spamassassin-3.4.5-44.13.1
SUSE OpenStack Cloud 8
perl-Mail-SpamAssassin-3.4.5-44.13.1
spamassassin-3.4.5-44.13.1
SUSE OpenStack Cloud 9
perl-Mail-SpamAssassin-3.4.5-44.13.1
spamassassin-3.4.5-44.13.1
SUSE OpenStack Cloud Crowbar 8
perl-Mail-SpamAssassin-3.4.5-44.13.1
spamassassin-3.4.5-44.13.1
SUSE OpenStack Cloud Crowbar 9
perl-Mail-SpamAssassin-3.4.5-44.13.1
spamassassin-3.4.5-44.13.1
Ссылки
- Link for SUSE-SU-2021:1152-1
- E-Mail link for SUSE-SU-2021:1152-1
- SUSE Security Ratings
- SUSE Bug 1159133
- SUSE Bug 1184221
- SUSE CVE CVE-2019-12420 page
- SUSE CVE CVE-2020-1946 page
Описание
In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
Затронутые продукты
HPE Helion OpenStack 8:perl-Mail-SpamAssassin-3.4.5-44.13.1
HPE Helion OpenStack 8:spamassassin-3.4.5-44.13.1
SUSE Linux Enterprise Server 12 SP2-BCL:perl-Mail-SpamAssassin-3.4.5-44.13.1
SUSE Linux Enterprise Server 12 SP2-BCL:spamassassin-3.4.5-44.13.1
Ссылки
- CVE-2019-12420
- SUSE Bug 1159133
- SUSE Bug 1186513
Описание
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.
Затронутые продукты
HPE Helion OpenStack 8:perl-Mail-SpamAssassin-3.4.5-44.13.1
HPE Helion OpenStack 8:spamassassin-3.4.5-44.13.1
SUSE Linux Enterprise Server 12 SP2-BCL:perl-Mail-SpamAssassin-3.4.5-44.13.1
SUSE Linux Enterprise Server 12 SP2-BCL:spamassassin-3.4.5-44.13.1
Ссылки
- CVE-2020-1946
- SUSE Bug 1184221
- SUSE Bug 1186513