DSA-4584-1 spamassassin -- spamassassinID: oval:org.secpod.oval:def:69926 | Date: (C)2021-03-07 (M)2023-12-20 |
Class: PATCH | Family: unix |
Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis. CVE-2018-11805 Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios. CVE-2019-12420 Specially crafted mulitpart messages can cause spamassassin to use excessive resources, resulting in a denial of service.