This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
This update fixes the following security problem in SpamAssassin :
- CVE-2006-2447: SpamAssassin when running with vpopmail
and the paranoid (-P) switch, allows remote attackers to
execute arbitrary commands via a crafted message that is
not properly handled when invoking spamd with the
virtual pop username.
At the same time we upgraded SpamAssassin to version 3.1.3, bringing
lots of bug fixes and new rules.
Please make sure you verify that it still works with your
Also included is now 'sa-update', a rule update script. For this
script to work make sure that the perl-IO-ZLib and perl-libwww-perl
packages are installed.
Update the affected spamassassin packages.
Risk factor :
Medium / CVSS Base Score : 5.1
Public Exploit Available : true