The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Apache SpamAssassin: denial of service via Security Note

Synthesis of the vulnerability 

An attacker can trigger a fatal error via Security Note of Apache SpamAssassin, in order to trigger a denial of service.
Vulnerable software: Debian, RHEL, Ubuntu.
Severity of this announce: 2/4.
Creation date: 16/12/2019.
Références of this computer vulnerability: CVE-2019-12420, DLA-2037-1, DSA-4584-1, RHSA-2020:3973-01, RHSA-2020:4625-01, USN-4237-1, USN-4237-2, VIGILANCE-VUL-31159.

Description of the vulnerability 

An attacker can trigger a fatal error via Security Note of Apache SpamAssassin, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security note impacts software or systems such as Debian, RHEL, Ubuntu.

Our Vigil@nce team determined that the severity of this threat announce is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this computer weakness announce.

Solutions for this threat 

Debian 8: new spamassassin packages.
New packages are available:
  Debian 8: spamassassin 3.4.2-0+deb8u2

Debian 9/10: new spamassassin packages.
New packages are available:
  Debian 9: spamassassin 3.4.2-1~deb9u2
  Debian 10: spamassassin 3.4.2-1+deb10u1

RHEL 7.8: new spamassassin packages.
New packages are available:
  RHEL 7.0-7.8: spamassassin 3.4.0-6.el7

RHEL 8: new spamassassin packages.
New packages are available:
  RHEL 8.0-8.2: spamassassin 3.4.2-10.el8

Ubuntu: new spamassassin packages.
New packages are available:
  Ubuntu 19.10: spamassassin 3.4.2-1ubuntu0.19.10.1
  Ubuntu 19.04: spamassassin 3.4.2-1ubuntu0.19.04.1
  Ubuntu 18.04 LTS: spamassassin 3.4.2-0ubuntu0.18.04.2
  Ubuntu 16.04 LTS: spamassassin 3.4.2-0ubuntu0.16.04.2
  Ubuntu 14.04 ESM: spamassassin 3.4.2-0ubuntu0.14.04.1+esm1
  Ubuntu 12.04 ESM: spamassassin 3.4.2-0ubuntu0.12.04.3
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a computers vulnerabilities database. The Vigil@nce vulnerability database contains several thousand vulnerabilities.