--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-8f0df2c366
2018-09-29 22:00:08.857728
--------------------------------------------------------------------------------
Name        : spamassassin
Product     : Fedora 29
Version     : 3.4.2
Release     : 2.fc29
URL         : https://spamassassin.apache.org/
Summary     : Spam filter for email which can be invoked from mail delivery agents
Description :
SpamAssassin provides you with a way to reduce if not completely eliminate
Unsolicited Commercial Email (SPAM) from your incoming email.  It can
be invoked by an MDA such as sendmail or postfix, or can be called from
a procmail script, .forward file, etc.  It uses a genetic-algorithm
evolved scoring system to identify messages which look spammy, then
adds headers to the message so they can be filtered by the user's mail
reading software.  This distribution includes the spamd/spamc components
which create a server that considerably speeds processing of mail.

To enable spamassassin, if you are receiving mail locally, simply add
this line to your ~/.procmailrc:
INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc

To filter spam for all users, add that line to /etc/procmailrc
(creating if necessary).

--------------------------------------------------------------------------------
Update Information:

Fixed some small bugs in the previous package: Initial rules now have the
correct version, sought channel config is dropped (since it doesn't exist
anymore) and build / runtime deps adjusted.

----

Update to 3.4.2.  Fixes CVE-2017-15705, CVE-2018-11780 and CVE-2018-11781 along
with many other bugfixes and improvements.  See
https://www.mail-archive.com/announce@apache.org/msg04823.html for more information.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1629537 - CVE-2018-11781 spamassassin: Local user code injection in the meta rule syntax [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1629537
  [ 2 ] Bug #1629534 - CVE-2018-11780 spamassassin: Potential remote code execution vulnerability in PDFInfo plugin [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1629534
  [ 3 ] Bug #1629522 - CVE-2017-15705 spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and resulting denial of service [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1629522
  [ 4 ] Bug #1629491 - SpamAssassin 3.4.2 released with CVE disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=1629491
  [ 5 ] Bug #1590592 - Need spamassassin release with patch for bug 7208 included
        https://bugzilla.redhat.com/show_bug.cgi?id=1590592
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-8f0df2c366' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Fedora 29: spamassassin Security Update

September 29, 2018