Lucene search

UbuntuUSN-4237-2

HistoryJan 15, 2020 - 12:00 a.m.

SpamAssassin vulnerabilities

2020-01-1500:00:00

ubuntu.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.9 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.009 Low

EPSS

Percentile

82.1%

JSON

Releases

Ubuntu 14.04 ESM
Ubuntu 12.04

Packages

spamassassin - Perl-based spam filter using text analysis

Details

USN-4237-1 fixed several vulnerabilities in SpamAssassin. This update provides
the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.

Original advisory details:

It was discovered that SpamAssassin incorrectly handled certain CF files.
If a user or automated system were tricked into using a specially-crafted
CF file, a remote attacker could possibly run arbitrary code.
(CVE-2018-11805)

It was discovered that SpamAssassin incorrectly handled certain messages.
A remote attacker could possibly use this issue to cause SpamAssassin to
consume resources, resulting in a denial of service. (CVE-2019-12420)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.04noarchspamassassin< 3.4.2-0ubuntu0.14.04.1+esm1UNKNOWN
Ubuntu14.04noarchspamc< 3.4.2-0ubuntu0.14.04.1UNKNOWN
Ubuntu14.04noarchspamc-dbgsym< 3.4.2-0ubuntu0.14.04.1UNKNOWN
Ubuntu12.04noarchspamassassin< 3.4.2-0ubuntu0.12.04.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	14.04	noarch	spamassassin	< 3.4.2-0ubuntu0.14.04.1+esm1	UNKNOWN
Ubuntu	14.04	noarch	spamc	< 3.4.2-0ubuntu0.14.04.1	UNKNOWN
Ubuntu	14.04	noarch	spamc-dbgsym	< 3.4.2-0ubuntu0.14.04.1	UNKNOWN
Ubuntu	12.04	noarch	spamassassin	< 3.4.2-0ubuntu0.12.04.3	UNKNOWN