Updated spamassassin packages fix security vulnerability

2021-04-1222:59:59

Gentoo Foundation

advisories.mageia.org

0.016 Low

EPSS

Percentile

87.6%

JSON

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places. (CVE-2020-1946)

OSVersionArchitecturePackageVersionFilename
Mageia7noarchspamassassin< 3.4.5-1spamassassin-3.4.5-1.mga7
Mageia7noarchspamassassin-rules< 3.4.5-1spamassassin-rules-3.4.5-1.mga7
Mageia8noarchspamassassin< 3.4.5-1spamassassin-3.4.5-1.mga8
Mageia8noarchspamassassin-rules< 3.4.5-1spamassassin-rules-3.4.5-1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	7	noarch	spamassassin	< 3.4.5-1	spamassassin-3.4.5-1.mga7
Mageia	7	noarch	spamassassin-rules	< 3.4.5-1	spamassassin-rules-3.4.5-1.mga7
Mageia	8	noarch	spamassassin	< 3.4.5-1	spamassassin-3.4.5-1.mga8
Mageia	8	noarch	spamassassin-rules	< 3.4.5-1	spamassassin-rules-3.4.5-1.mga8