GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sat Dec 15, 2018 9:26 pm Post subject: [ GLSA 201812-07 ] SpamAssassin |
|
|
Gentoo Linux Security Advisory
Title: SpamAssassin: Multiple vulnerabilities (GLSA 201812-07)
Severity: normal
Exploitable: remote
Date: 2018-12-15
Bug(s): #666348
ID: 201812-07
Synopsis
Multiple vulnerabilities have been found in SpamAssassin, the worst
of which may lead to remote code execution.
Background
SpamAssassin is an extensible email filter used to identify junk email.
Affected Packages
Package: mail-filter/spamassassin
Vulnerable: < 3.4.2-r2
Unaffected: >= 3.4.2-r2
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in SpamAssassin. Please
review the referenced CVE identifiers for details.
Impact
A remote attacker could execute arbitrary code, escalate privileges, or
cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All SpamAssassin users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=mail-filter/spamassassin-3.4.2-r2"
|
References
CVE-2016-1238
CVE-2017-15705
CVE-2018-11780
CVE-2018-11781 |
|