Updated spamassassin packages fix security vulnerabilities
Publication date: 09 Feb 2020Modification date: 09 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-1930 , CVE-2020-1931
Description
The updated packages fix security vulnerabilities: Nefarious rule configuration (.cf) files can be configured to run system commands with sa-compile. (CVE-2020-1930) Nefarious rule configuration (.cf) files can be configured to run system commands with warnings. (CVE-2020-1931)
References
- https://bugs.mageia.org/show_bug.cgi?id=26150
- https://spamassassin.apache.org/news.html
- https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt
- https://www.openwall.com/lists/oss-security/2020/01/30/3
- https://www.openwall.com/lists/oss-security/2020/01/30/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1930
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1931
SRPMS
7/core
- spamassassin-3.4.4-1.mga7
- spamassassin-rules-3.4.4-1.mga7