openSUSE-SU-2019:0297-1

Опубликовано: 23 мар. 2019

Источник: suse-cvrf

Описание

Security update for amavisd-new

This update for amavisd-new fixes the following issues:

Security issue fixed:

CVE-2016-1238: Workedaround a perl vulnerability by removing a trailing dot element from @INC (bsc#987887).

Other issues addressed:

update to version 2.11.1 (bsc#1123389).
amavis-services: bumping up syslog level from LOG_NOTICE to LOG_ERR for a message 'PID went away', and removed redundant newlines from some log messages
avoid warning messages 'Use of uninitialized value in subroutine entry' in Encode::MIME::Header when the $check argument is undefined
@sa_userconf_maps has been extended to allow loading of per-recipient (or per-policy bank, or global) SpamAssassin configuration set from LDAP. For consistency with SQL a @sa_userconf_maps entry prefixed with 'ldap:' will load SpamAssassin configuration set using the load_scoreonly_ldap() method.
add some Sanesecurity.Foxhole false positives to the default list @virus_name_to_spam_score_maps
update amavis-milter to version 2.6.1:
- Fixed a bug when creating amavisd-new policy bank names

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

amavisd-new-2.11.1-lp150.5.3.1

amavisd-new-docs-2.11.1-lp150.5.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/T5ANAUXCDCGLYH4N2EPY5MA7CJJND4MP/#T5ANAUXCDCGLYH4N2EPY5MA7CJJND4MP
E-Mail link for openSUSE-SU-2019:0297-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1123389
SUSE Bug 1123389
https://bugzilla.suse.com/987887
SUSE Bug 987887
https://www.suse.com/security/cve/CVE-2016-1238/
SUSE CVE CVE-2016-1238 page

Описание

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

Затронутые продукты

openSUSE Leap 15.0:amavisd-new-2.11.1-lp150.5.3.1

openSUSE Leap 15.0:amavisd-new-docs-2.11.1-lp150.5.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-1238.html
CVE-2016-1238
https://bugzilla.suse.com/1108749
SUSE Bug 1108749
https://bugzilla.suse.com/1123389
SUSE Bug 1123389
https://bugzilla.suse.com/987887
SUSE Bug 987887
https://bugzilla.suse.com/988311
SUSE Bug 988311

openSUSE-SU-2019:0297-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2016-1238

Описание

Затронутые продукты

Ссылки