vulnerability
Oracle Linux: CVE-2018-11781: ELSA-2018-2916: spamassassin security update (IMPORTANT)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:P/I:P/A:P) | Sep 17, 2018 | Jul 21, 2020 | Dec 3, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
Sep 17, 2018
Added
Jul 21, 2020
Modified
Dec 3, 2025
Description
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
A flaw was found in the way a local user on the SpamAssassin server could inject code in the meta rule syntax. This could cause the arbitrary code execution on the server when these rules are being processed.
A flaw was found in the way a local user on the SpamAssassin server could inject code in the meta rule syntax. This could cause the arbitrary code execution on the server when these rules are being processed.
Solution
oracle-linux-upgrade-spamassassin
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.