5 matches found
Vulnerabilities fixed in SpamAssasin
Vulnerabilities have been fixed in SpamAssasin. The vulnerabilities allow an unauthenticated remote malicious person to execute arbitrary code under application privileges. The remote attack is significantly more difficult to execute than a local attack. The attack takes place by adding to a...
MGASA-2019-0406 Updated spamassassin packages fix security vulnerabilities
The updated packages fix security vulnerabilities: In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that...
Vulnerabilities fixed in SpamAssassin
Apache Foundation has fixed two vulnerabilities in SpamAssassin. An unauthenticated malicious person can remotely exploit these vulnerabilities to cause a denial-of-service cause, or by offering a rogue file potentially execute code under application privileges. Apache Foundation has released...
MGASA-2018-0425 Updated spamassassin packages fix security vulnerabilities
Updated spamassassin package fixes security vulnerabilities: A reliance on "." in @INC in one configuration script CVE-2016-1238. A denial of service vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts CVE-2017-15705. A...
CVE-2004-0796
SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to cause a denial of service via certain malformed messages...