Advisories » MGASA-2020-0079

Updated spamassassin packages fix security vulnerabilities

Publication date: 09 Feb 2020
Modification date: 09 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-1930 , CVE-2020-1931

Description

The updated packages fix security vulnerabilities:

Nefarious rule configuration (.cf) files can be configured to run
system commands with sa-compile. (CVE-2020-1930)

Nefarious rule configuration (.cf) files can be configured to run
system commands with warnings. (CVE-2020-1931)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26150
• https://spamassassin.apache.org/news.html
• https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt
• https://www.openwall.com/lists/oss-security/2020/01/30/3
• https://www.openwall.com/lists/oss-security/2020/01/30/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1930
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1931

SRPMS

7/core

• spamassassin-3.4.4-1.mga7
• spamassassin-rules-3.4.4-1.mga7