Oracle Linux 7 : spamassassin (ELSA-2018-2916)
Medium Nessus Plugin ID 118076
Synopsis
The remote Oracle Linux host is missing a security update.
Description
From Red Hat Security Advisory 2018:2916:
An update for spamassassin is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The SpamAssassin tool provides a way to reduce unsolicited commercial email (spam) from incoming email.
Security Fix(es):
* spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and result in denial of service (CVE-2017-15705)
* spamassassin: Local user code injection in the meta rule syntax (CVE-2018-11781)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Solution
Update the affected spamassassin package.