USN-3811-1 spamassassin vulnerabilities
It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2017-15705) It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use th...
Updated spamassassin packages fix security vulnerabilities
Updated spamassassin package fixes security vulnerabilities: A reliance on "." in @INC in one configuration script (CVE-2016-1238). A denial of service vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly, leading to scan timeouts (CVE-2017-15705). A...
OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...
GHSA-QCJ7-G2J5-G7R3 In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification
In the Bouncy Castle JCE Provider version 1.55 and earlier, ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...
spamassassin: Local user code injection in the meta rule syntax
A flaw was found in the way a local user on the SpamAssassin server could inject code in the meta rule syntax. This could cause arbitrary code execution on the server when these rules are being processed...
[SECURITY] Fedora 29 Update: julia-1.0.1-3.fc29
Julia is a high-level, high-performance dynamic programming language for technical computing, with syntax that is familiar to users of other technical computing environments. It provides a sophisticated compiler, distributed parallel execution, numerical accuracy, and an extensive mathematical...
FreeBSD : spamassassin -- multiple vulnerabilities (613193a0-c1b4-11e8-ae2d-54e1ad3d6335)
The Apache SpamAssassin project reports: In Apache SpamAssassin, using HTML::Parser, we set up an object and hook into the begin and end tag event handlers. In both cases, the 'open' event is immediately followed by a 'close' event - even if the tag does not close in the HTML being parsed. Because...
Amazon Linux AMI : squid (ALAS-2018-1081)
The Squid Software Foundation Squid HTTP Caching Proxy contains a NULL pointer dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in denial of service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with...
OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...
OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...
Code injection
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax...
CVE-2018-11781
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax...
ALPINE-CVE-2018-11781
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax...
DEBIAN-CVE-2018-11781
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax...
CVE-2018-11781
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax...
CVE-2018-11781
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax...
CVE-2018-11781
A flaw was found in the way a local user on the SpamAssassin server could inject code in the meta rule syntax. This could cause arbitrary code execution on the server when these rules are being processed...
UBUNTU-CVE-2018-11781
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax...
spamassassin -- multiple vulnerabilities
The Apache SpamAssassin project reports: In Apache SpamAssassin, using HTML::Parser, we set up an object and hook into the begin and end tag event handlers. In both cases, the "open" event is immediately followed by a "close" event - even if the tag does not close in the HTML being parsed. Because ...
USN-3747-2 openjdk-lts regression
USN-3747-1 fixed vulnerabilities in OpenJDK 10 for Ubuntu 18.04 LTS. Unfortunately, that update introduced a regression around accessibility support that prevented some Java applications from starting. This update fixes the problem. We apologize for the inconvenience. Original advisory details: I...