spamassassin-3.4.4-4.el8

エラータID: AXSA:2021-2680:03

Release date: 
Sunday, December 12, 2021 - 10:46
Subject: 
spamassassin-3.4.4-4.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The SpamAssassin tool provides a way to reduce unsolicited commercial email (spam) from incoming email.

Security Fix(es):

* spamassassin: Malicious rule configuration files can be configured to run system commands (CVE-2020-1946)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-1946
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.

Solution: 

Update packages.

CVEs: 
CVE-2020-1946
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.
Additional Info: 

N/A

Download: 

SRPMS
  1. spamassassin-3.4.4-4.el8.src.rpm
    MD5: 3bf6be7f2734beb468494f5aa7c1f740
    SHA-256: 3c8f8e928c90ce66bb052a1c7e78e035362ea574ebe5298b7cb7a03f96c389e8
    Size: 2.99 MB

Asianux Server 8 for x86_64
  1. spamassassin-3.4.4-4.el8.x86_64.rpm
    MD5: d1ab5d63e0b227710042771ea5d8cc13
    SHA-256: 92a14e46d5a0fd77173a3c4845e75e7ca0f0fa89cfd114ee1bdce37728cb2e76
    Size: 1.25 MB