Описание
Security update for spamassassin
This update for spamassassin fixes the following issues:
- CVE-2019-12420: memory leak via crafted messages (bsc#1159133)
- CVE-2020-1946: security update (bsc#1184221)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Список пакетов
openSUSE Leap 15.2
perl-Mail-SpamAssassin-3.4.5-lp152.10.3.1
perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-lp152.10.3.1
spamassassin-3.4.5-lp152.10.3.1
Ссылки
- E-Mail link for openSUSE-SU-2021:0551-1
- SUSE Security Ratings
- SUSE Bug 1159133
- SUSE Bug 1184221
- SUSE CVE CVE-2019-12420 page
- SUSE CVE CVE-2020-1946 page
Описание
In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
Затронутые продукты
openSUSE Leap 15.2:perl-Mail-SpamAssassin-3.4.5-lp152.10.3.1
openSUSE Leap 15.2:perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-lp152.10.3.1
openSUSE Leap 15.2:spamassassin-3.4.5-lp152.10.3.1
Ссылки
- CVE-2019-12420
- SUSE Bug 1159133
- SUSE Bug 1186513
Описание
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.
Затронутые продукты
openSUSE Leap 15.2:perl-Mail-SpamAssassin-3.4.5-lp152.10.3.1
openSUSE Leap 15.2:perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-lp152.10.3.1
openSUSE Leap 15.2:spamassassin-3.4.5-lp152.10.3.1
Ссылки
- CVE-2020-1946
- SUSE Bug 1184221
- SUSE Bug 1186513