Lucene search

K
suseSuseOPENSUSE-SU-2020:0446-1
HistoryApr 04, 2020 - 12:00 a.m.

Security update for spamassassin (important)

2020-04-0400:00:00
lists.opensuse.org
91
spamassassin
security update
vulnerabilities
rule files
system commands

EPSS

0.009

Percentile

82.4%

An update that solves three vulnerabilities and has one
errata is now available.

Description:

This update for spamassassin fixes the following issues:

Security issues fixed:

  • CVE-2018-11805: Fixed an issue with delimiter handling in rule files
    related to is_regexp_valid() (bsc#1118987).
  • CVE-2020-1930: Fixed an issue with rule configuration (.cf) files which
    can be configured to run system commands (bsc#1162197).
  • CVE-2020-1931: Fixed an issue with rule configuration (.cf) files which
    can be configured to run system commands with warnings (bsc#1162200).

Non-security issue fixed:

  • Altering hash requires restarting loop (bsc#862963).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.1:

    zypper in -t patch openSUSE-2020-446=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.1x86_64< - openSUSE Leap 15.1 (x86_64):- openSUSE Leap 15.1 (x86_64):.x86_64.rpm