EUVD-2018-3784

Malware in sbrugna...

EditLord: Learning Code Transformation Rules for Code Editing

Code editing is a foundational task in software development, where its effectiveness depends on whether it introduces desired code property changes without changing the original code's intended functionality. Existing approaches often formulate code editing as an implicit end-to-end task, omittin...

SUSE CVE-2018-11781

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax...

Arbitrary Code Injection

Apache SpamAssassin is vulnerable to arbitrary code injection. A local user is able to inject arbitrary code in the meta rule syntax...

EulerOS 2.0 SP3 : spamassassin (EulerOS-SA-2020-2118)

According to the version of the spamassassin package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.CVE-2018-11781 Note that Tenable Network Security has...

SUSE SLED12 / SLES12 Security Update : spamassassin (SUSE-SU-2019:1961-1)

This update for spamassassin to version 3.4.2 fixes the following issues : Security issues fixed : CVE-2017-15705: Fixed denial of service via unclosed tags in crafted emails bsc1108745. CVE-2018-11781: Fixed a code injection in the meta rule syntax by local users bsc1108748. CVE-2018-11780: Fixe...

USN-3811-3: SpamAssassin vulnerabilities

USN-3811-1 fixed a vulnerability in spamassassin. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code...

Debian DLA-1578-1 : spamassassin security update

Multiple vulnerabilities were found in Spamassassin, which could lead to Remote Code Execution and Denial of Service attacks under certain circumstances. CVE-2016-1238 Many Perl programs do not properly remove . period characters from the end of the includes directory array, which might allow loc...

[SECURITY] [DLA 1578-1] spamassassin security update

Package : spamassassin Version : 3.4.2-0+deb8u1 CVE ID : CVE-2016-1238 CVE-2017-15705 CVE-2018-11780 CVE-2018-11781 Debian Bug : 784023 865924 883775 889501 891041 908969 908970 908971 913571 Multiple vulnerabilities were found in Spamassassin, which could lead to Remote Code Execution and Denial...

Amazon Linux 2 : spamassassin (ALAS-2018-1103)

A flaw was found in the way SpamAssassin processes HTML email containing unclosed HTML tags. A carefully crafted mail message could cause SpamAssassin to consume significant resources. If a large number of these messages are sent, a denial of service could occur potentially delaying or preventing...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : SpamAssassin vulnerabilities (USN-3811-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3811-1 advisory. It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use thi...

USN-3811-1: SpamAssassin vulnerabilities

It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. CVE-2017-15705 It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use th...

USN-3811-1 spamassassin vulnerabilities

It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. CVE-2017-15705 It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use th...

Updated spamassassin packages fix security vulnerabilities

Updated spamassassin package fixes security vulnerabilities: A reliance on "." in @INC in one configuration script CVE-2016-1238. A denial of service vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts CVE-2017-15705. A...

spamassassin: Local user code injection in the meta rule syntax

A flaw was found in the way a local user on the SpamAssassin server could inject code in the meta rule syntax. This could cause the arbitrary code execution on the server when these rules are being processed...

FreeBSD : spamassassin -- multiple vulnerabilities (613193a0-c1b4-11e8-ae2d-54e1ad3d6335)

the Apache Spamassassin project reports : In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the 'open' event is immediately followed by a 'close' event - even if the tag does not close in the HTML being parsed. Because...

Apache SpamAssassin Arbitrary Code Execution Vulnerability

Apache SpamAssassin is an open source spam filter from the Apache USA Software Foundation that provides system administrators with a filter and support for categorizing email to stop spam. An arbitrary code execution vulnerability exists in the meta-rule statements in Apache SpamAssassin, which c...

Code injection

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax...

ALPINE-CVE-2018-11781

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax...

CVE-2018-11781

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax...