• SpamAssassin vulnerabilities

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Mon Jan 13 17:10:07 2020
    spamassassin vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 19.04
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in SpamAssassin.

    Software Description

    * spamassassin - Perl-based spam filter using text analysis

    Details

    It was discovered that SpamAssassin incorrectly handled certain CF
    files. If a user or automated system were tricked into using a
    specially-crafted CF file, a remote attacker could possibly run
    arbitrary code. (CVE-2018-11805)

    It was discovered that SpamAssassin incorrectly handled certain
    messages. A remote attacker could possibly use this issue to cause
    SpamAssassin to consume resources, resulting in a denial of
    service. (CVE-2019-12420)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    spamassassin - 3.4.2-1ubuntu0.19.10.1

    Ubuntu 19.04
    spamassassin - 3.4.2-1ubuntu0.19.04.1

    Ubuntu 18.04 LTS
    spamassassin - 3.4.2-0ubuntu0.18.04.2

    Ubuntu 16.04 LTS
    spamassassin - 3.4.2-0ubuntu0.16.04.2

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2018-11805
    * CVE-2019-12420

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Wed Jan 15 13:10:01 2020
    spamassassin vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 14.04 ESM
    * Ubuntu 12.04 ESM

    Summary

    Several security issues were fixed in SpamAssassin.

    Software Description

    * spamassassin - Perl-based spam filter using text analysis

    Details

    USN-4237-1 fixed several vulnerabilities in SpamAssassin. This
    update provides the corresponding update for Ubuntu 12.04 ESM and
    14.04 ESM.

    Original advisory details:

    It was discovered that SpamAssassin incorrectly handled certain CF
    files. If a user or automated system were tricked into using a
    specially-crafted CF file, a remote attacker could possibly run
    arbitrary code. (CVE-2018-11805)

    It was discovered that SpamAssassin incorrectly handled certain
    messages. A remote attacker could possibly use this issue to cause
    SpamAssassin to consume resources, resulting in a denial of
    service. (CVE-2019-12420)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 14.04 ESM
    spamassassin - 3.4.2-0ubuntu0.14.04.1+esm1

    Ubuntu 12.04 ESM
    spamassassin - 3.4.2-0ubuntu0.12.04.3

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * USN-4237-1
    * CVE-2018-11805
    * CVE-2019-12420

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Tue Feb 4 17:10:06 2020
    spamassassin vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 19.10
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in SpamAssassin.

    Software Description

    * spamassassin - Perl-based spam filter using text analysis

    Details

    It was discovered that SpamAssassin incorrectly handled certain CF
    files. If a user or automated system were tricked into using a
    specially-crafted CF file, a remote attacker could possibly run
    arbitrary code.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 19.10
    spamassassin - 3.4.2-1ubuntu0.19.10.2

    Ubuntu 18.04 LTS
    spamassassin - 3.4.2-0ubuntu0.18.04.3

    Ubuntu 16.04 LTS
    spamassassin - 3.4.2-0ubuntu0.16.04.3

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2020-1930
    * CVE-2020-1931

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)
  • From bugz_ubuntu@21:4/110 to Ubuntu Users on Tue Feb 4 21:10:02 2020
    spamassassin vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 14.04 ESM
    * Ubuntu 12.04 ESM

    Summary

    Several security issues were fixed in SpamAssassin.

    Software Description

    * spamassassin - Perl-based spam filter using text analysis

    Details

    USN-4265-1 fixed several vulnerabilities in SpamAssassin. This
    update provides the corresponding update for Ubuntu 12.04 ESM and
    14.04 ESM.

    Original advisory details:

    It was discovered that SpamAssassin incorrectly handled certain CF
    files. If a user or automated system were tricked into using a
    specially-crafted CF file, a remote attacker could possibly run
    arbitrary code.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 14.04 ESM
    spamassassin - 3.4.2-0ubuntu0.14.04.1+esm2

    Ubuntu 12.04 ESM
    spamassassin - 3.4.2-0ubuntu0.12.04.4

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * USN-4265-1
    * CVE-2020-1930
    * CVE-2020-1931

    --- Mystic BBS v1.12 A43 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)