USN-4237-1: SpamAssassin vulnerabilities
13 January 2020
Several security issues were fixed in SpamAssassin.
- spamassassin - Perl-based spam filter using text analysis
It was discovered that SpamAssassin incorrectly handled certain CF files.
If a user or automated system were tricked into using a specially-crafted
CF file, a remote attacker could possibly run arbitrary code.
It was discovered that SpamAssassin incorrectly handled certain messages.
A remote attacker could possibly use this issue to cause SpamAssassin to
consume resources, resulting in a denial of service. (CVE-2019-12420)
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.
- USN-4237-2: spamassassin, sa-compile, spamc