Lucene search

UbuntuUSN-4237-2

HistoryJan 15, 2020 - 12:00 a.m.

SpamAssassin vulnerabilities

2020-01-1500:00:00

ubuntu.com

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.009

Percentile

82.4%

JSON

Releases

Ubuntu 14.04 ESM
Ubuntu 12.04

Packages

spamassassin - Perl-based spam filter using text analysis

Details

USN-4237-1 fixed several vulnerabilities in SpamAssassin. This update provides
the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.

Original advisory details:

It was discovered that SpamAssassin incorrectly handled certain CF files.
If a user or automated system were tricked into using a specially-crafted
CF file, a remote attacker could possibly run arbitrary code.
(CVE-2018-11805)

It was discovered that SpamAssassin incorrectly handled certain messages.
A remote attacker could possibly use this issue to cause SpamAssassin to
consume resources, resulting in a denial of service. (CVE-2019-12420)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.04noarchspamassassin< 3.4.2-0ubuntu0.14.04.1+esm1UNKNOWN
Ubuntu14.04noarchspamc< 3.4.2-0ubuntu0.14.04.1UNKNOWN
Ubuntu14.04noarchspamc-dbgsym< 3.4.2-0ubuntu0.14.04.1UNKNOWN
Ubuntu12.04noarchspamassassin< 3.4.2-0ubuntu0.12.04.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	14.04	noarch	spamassassin	< 3.4.2-0ubuntu0.14.04.1+esm1	UNKNOWN
Ubuntu	14.04	noarch	spamc	< 3.4.2-0ubuntu0.14.04.1	UNKNOWN
Ubuntu	14.04	noarch	spamc-dbgsym	< 3.4.2-0ubuntu0.14.04.1	UNKNOWN
Ubuntu	12.04	noarch	spamassassin	< 3.4.2-0ubuntu0.12.04.3	UNKNOWN