Amazon Linux 2 : spamassassin (ALAS-2018-1103)

Medium Nessus Plugin ID 118834


The remote Amazon Linux 2 host is missing a security update.


A flaw was found in the way SpamAssassin processes HTML email
containing unclosed HTML tags. A carefully crafted mail message could
cause SpamAssassin to consume significant resources. If a large number
of these messages are sent, a denial of service could occur,
potentially delaying or preventing the delivery of

A flaw was found in the way a local user on the SpamAssassin server
could inject code in the meta rule syntax. This could cause
arbitrary code execution on the server when these rules are being


Run 'yum update spamassassin' to update your system.

Plugin Details

Severity: Medium

ID: 118834

File Name: al2_ALAS-2018-1103.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2018/11/09

Modified: 2018/12/10

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:spamassassin, p-cpe:/a:amazon:linux:spamassassin-debuginfo, cpe:/o:amazon:linux:2

Patch Publication Date: 2018/11/08

Reference Information

CVE: CVE-2017-15705, CVE-2018-11781

ALAS: 2018-1103