Описание
Security update for spamassassin
This update for spamassassin fixes the following issues:
- CVE-2019-12420: memory leak via crafted messages (bsc#1159133)
- CVE-2020-1946: security update (bsc#1184221)
Список пакетов
SUSE Enterprise Storage 6
perl-Mail-SpamAssassin-3.4.5-12.10.1
perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1
spamassassin-3.4.5-12.10.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
perl-Mail-SpamAssassin-3.4.5-12.10.1
perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1
spamassassin-3.4.5-12.10.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
perl-Mail-SpamAssassin-3.4.5-12.10.1
perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1
spamassassin-3.4.5-12.10.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
perl-Mail-SpamAssassin-3.4.5-12.10.1
spamassassin-3.4.5-12.10.1
SUSE Linux Enterprise Module for Development Tools 15 SP2
perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1
SUSE Linux Enterprise Server 15 SP1-BCL
perl-Mail-SpamAssassin-3.4.5-12.10.1
perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1
spamassassin-3.4.5-12.10.1
SUSE Linux Enterprise Server 15 SP1-LTSS
perl-Mail-SpamAssassin-3.4.5-12.10.1
perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1
spamassassin-3.4.5-12.10.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
perl-Mail-SpamAssassin-3.4.5-12.10.1
perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1
spamassassin-3.4.5-12.10.1
SUSE Manager Proxy 4.0
perl-Mail-SpamAssassin-3.4.5-12.10.1
perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1
spamassassin-3.4.5-12.10.1
SUSE Manager Retail Branch Server 4.0
perl-Mail-SpamAssassin-3.4.5-12.10.1
perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1
spamassassin-3.4.5-12.10.1
SUSE Manager Server 4.0
perl-Mail-SpamAssassin-3.4.5-12.10.1
perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1
spamassassin-3.4.5-12.10.1
Ссылки
- Link for SUSE-SU-2021:1163-1
- E-Mail link for SUSE-SU-2021:1163-1
- SUSE Security Ratings
- SUSE Bug 1159133
- SUSE Bug 1184221
- SUSE CVE CVE-2019-12420 page
- SUSE CVE CVE-2020-1946 page
Описание
In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
Затронутые продукты
SUSE Enterprise Storage 6:perl-Mail-SpamAssassin-3.4.5-12.10.1
SUSE Enterprise Storage 6:perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1
SUSE Enterprise Storage 6:spamassassin-3.4.5-12.10.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:perl-Mail-SpamAssassin-3.4.5-12.10.1
Ссылки
- CVE-2019-12420
- SUSE Bug 1159133
- SUSE Bug 1186513
Описание
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.
Затронутые продукты
SUSE Enterprise Storage 6:perl-Mail-SpamAssassin-3.4.5-12.10.1
SUSE Enterprise Storage 6:perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1
SUSE Enterprise Storage 6:spamassassin-3.4.5-12.10.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:perl-Mail-SpamAssassin-3.4.5-12.10.1
Ссылки
- CVE-2020-1946
- SUSE Bug 1184221
- SUSE Bug 1186513