Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2018-0425)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2018.0425

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2018-0425)

Resumen: The remote host is missing an update for the 'spamassassin, spamassassin-rules' package(s) announced via the MGASA-2018-0425 advisory.

Descripción: Summary:
The remote host is missing an update for the 'spamassassin, spamassassin-rules' package(s) announced via the MGASA-2018-0425 advisory.

Vulnerability Insight:
Updated spamassassin package fixes security vulnerabilities:

A reliance on '.' in @INC in one configuration script (CVE-2016-1238).

A denial of service vulnerability arises with certain unclosed tags in
emails that cause markup to be handled incorrectly leading to scan
timeouts (CVE-2017-15705).

A potential Remote Code Execution bug with the PDFInfo plugin
(CVE-2018-11780).

A local user code injection in the meta rule syntax (CVE-2018-11781).

Affected Software/OS:
'spamassassin, spamassassin-rules' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-1238
BugTraq ID: 92136
http://www.securityfocus.com/bid/92136
Debian Security Information: DSA-3628 (Google Search)
http://www.debian.org/security/2016/dsa-3628
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/
https://security.gentoo.org/glsa/201701-75
https://security.gentoo.org/glsa/201812-07
https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html
http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html
http://www.securitytracker.com/id/1036440
SuSE Security Announcement: openSUSE-SU-2019:1831 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-15705
BugTraq ID: 105347
http://www.securityfocus.com/bid/105347
RedHat Security Advisories: RHSA-2018:2916
https://access.redhat.com/errata/RHSA-2018:2916
https://usn.ubuntu.com/3811-1/
https://usn.ubuntu.com/3811-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-11780
BugTraq ID: 105373
http://www.securityfocus.com/bid/105373
https://usn.ubuntu.com/3811-3/
Common Vulnerability Exposure (CVE) ID: CVE-2018-11781

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0425
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0425)
Resumen:	The remote host is missing an update for the 'spamassassin, spamassassin-rules' package(s) announced via the MGASA-2018-0425 advisory.
Descripción:	Summary: The remote host is missing an update for the 'spamassassin, spamassassin-rules' package(s) announced via the MGASA-2018-0425 advisory. Vulnerability Insight: Updated spamassassin package fixes security vulnerabilities: A reliance on '.' in @INC in one configuration script (CVE-2016-1238). A denial of service vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts (CVE-2017-15705). A potential Remote Code Execution bug with the PDFInfo plugin (CVE-2018-11780). A local user code injection in the meta rule syntax (CVE-2018-11781). Affected Software/OS: 'spamassassin, spamassassin-rules' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1238 BugTraq ID: 92136 http://www.securityfocus.com/bid/92136 Debian Security Information: DSA-3628 (Google Search) http://www.debian.org/security/2016/dsa-3628 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/ https://security.gentoo.org/glsa/201701-75 https://security.gentoo.org/glsa/201812-07 https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html http://www.securitytracker.com/id/1036440 SuSE Security Announcement: openSUSE-SU-2019:1831 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2017-15705 BugTraq ID: 105347 http://www.securityfocus.com/bid/105347 RedHat Security Advisories: RHSA-2018:2916 https://access.redhat.com/errata/RHSA-2018:2916 https://usn.ubuntu.com/3811-1/ https://usn.ubuntu.com/3811-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-11780 BugTraq ID: 105373 http://www.securityfocus.com/bid/105373 https://usn.ubuntu.com/3811-3/ Common Vulnerability Exposure (CVE) ID: CVE-2018-11781
Copyright	Copyright (C) 2022 Greenbone AG