USN-4237-2: SpamAssassin vulnerabilities
15 January 2020
Several security issues were fixed in SpamAssassin.
- spamassassin - Perl-based spam filter using text analysis
USN-4237-1 fixed several vulnerabilities in SpamAssassin. This update provides
the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.
Original advisory details:
It was discovered that SpamAssassin incorrectly handled certain CF files.
If a user or automated system were tricked into using a specially-crafted
CF file, a remote attacker could possibly run arbitrary code.
It was discovered that SpamAssassin incorrectly handled certain messages.
A remote attacker could possibly use this issue to cause SpamAssassin to
consume resources, resulting in a denial of service. (CVE-2019-12420)
- USN-4237-1: sa-compile, spamc, spamassassin