Описание
Security update for spamassassin
This update for spamassassin fixes the following issues:
- CVE-2019-12420: memory leak via crafted messages (bsc#1159133)
- CVE-2020-1946: security update (bsc#1184221)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15-ESPOS
perl-Mail-SpamAssassin-3.4.5-7.14.1
perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-7.14.1
spamassassin-3.4.5-7.14.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
perl-Mail-SpamAssassin-3.4.5-7.14.1
perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-7.14.1
spamassassin-3.4.5-7.14.1
SUSE Linux Enterprise Server 15-LTSS
perl-Mail-SpamAssassin-3.4.5-7.14.1
perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-7.14.1
spamassassin-3.4.5-7.14.1
SUSE Linux Enterprise Server for SAP Applications 15
perl-Mail-SpamAssassin-3.4.5-7.14.1
perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-7.14.1
spamassassin-3.4.5-7.14.1
Ссылки
- Link for SUSE-SU-2021:1153-1
- E-Mail link for SUSE-SU-2021:1153-1
- SUSE Security Ratings
- SUSE Bug 1159133
- SUSE Bug 1184221
- SUSE CVE CVE-2019-12420 page
- SUSE CVE CVE-2020-1946 page
Описание
In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:perl-Mail-SpamAssassin-3.4.5-7.14.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-7.14.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:spamassassin-3.4.5-7.14.1
SUSE Linux Enterprise High Performance Computing 15-LTSS:perl-Mail-SpamAssassin-3.4.5-7.14.1
Ссылки
- CVE-2019-12420
- SUSE Bug 1159133
- SUSE Bug 1186513
Описание
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:perl-Mail-SpamAssassin-3.4.5-7.14.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-7.14.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:spamassassin-3.4.5-7.14.1
SUSE Linux Enterprise High Performance Computing 15-LTSS:perl-Mail-SpamAssassin-3.4.5-7.14.1
Ссылки
- CVE-2020-1946
- SUSE Bug 1184221
- SUSE Bug 1186513