Bug 1108749

Summary: VUL-0: CVE-2016-1238: spamassassin: loading modules from current directory
Product: [Novell Products] SUSE Security Incidents Reporter: Karol Babioch <karol>
Component: IncidentsAssignee: Peter Varkoly <varkoly>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: rfrohl, varkoly
Version: unspecifiedFlags: rfrohl: needinfo? (varkoly)
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/170661/
Whiteboard: CVSSv2:SUSE:CVE-2016-1238:4.6:(AV:L/AC:L/Au:N/C:P/I:P/A:P) CVSSv3:SUSE:CVE-2016-1238:6.7:(AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Deadline: 2018-07-10   

Comment 2 Swamp Workflow Management 2019-07-29 16:14:15 UTC 
SUSE-SU-2019:2011-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1069831,1107765,1108745,1108748,1108749,1108750,1115411
CVE References: CVE-2016-1238,CVE-2017-15705,CVE-2018-11780,CVE-2018-11781
Sources used:
SUSE Linux Enterprise Module for Development Tools 15 (src):    spamassassin-3.4.2-7.4.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    spamassassin-3.4.2-7.4.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 3 Swamp Workflow Management 2019-08-06 19:15:04 UTC 
openSUSE-SU-2019:1831-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 1069831,1107765,1108745,1108748,1108749,1108750,1115411
CVE References: CVE-2016-1238,CVE-2017-15705,CVE-2018-11780,CVE-2018-11781
Sources used:
openSUSE Leap 15.0 (src):    spamassassin-3.4.2-lp150.6.3.1
Comment 4 Peter Varkoly 2020-01-30 12:59:37 UTC 
fixed