Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 34: 2021-bf06dcffa8 Critical: SpamAssassin Malicious Config Alert

fedora
Calendar Grey March 30, 2021
Dist Fedora Esm H88
Explore the critical Fedora 34 update for SpamAssassin that addresses serious security weaknesses and enhances email filtering.
Upstream version 3.4.5

Summary

SpamAssassin provides you with a way to reduce if not completely eliminate

Unsolicited Commercial Email (SPAM) from your incoming email. It can

be invoked by a MDA such as sendmail or postfix, or can be called from

a procmail script, .forward file, etc. It uses a genetic-algorithm

evolved scoring system to identify messages which look spammy, then

adds headers to the message so they can be filtered by the user's mail

reading software. This distribution includes the spamd/spamc components

which create a server that considerably speeds processing of mail.

To enable spamassassin, if you are receiving mail locally, simply add

this line to your ~/.procmailrc:

INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc

To filter spam for all users, add that line to /etc/procmailrc

(creating if necessary).

Upstream version 3.4.5. See https://lists.apache.org/thread/%3Cd028983e-bad3-854b-ec9a-e8b0f922d627@apache.org%3E for

details. Fixes CVE-2020-1946

* Thu Mar 25 2021 Kevin Fenzi - 3.4.5-1

- Update to 3.4.5. Fixes rhbz#1942575

- Fixes CVE-2020-1946

[ 1 ] Bug #1862520 - request rebuild for F32; compile-time SSL lib update for 'spamc'

https://bugzilla.redhat.com/show_bug.cgi?id=1862520

[ 2 ] Bug #1943277 - CVE-2020-1946 spamassassin: Malicious rule configuration files can be configured to run system commands [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1943277

su -c 'dnf upgrade --advisory FEDORA-2021-bf06dcffa8' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory critical software update Fedora critical threat spamassassin SpamAssassin malicious configuration

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 34
Version: 3.4.5
Release: 1.fc34
URL: https://spamassassin.apache.org/
Summary: Spam filter for email which can be invoked from mail delivery agents

Topics%20covered

Topics Covered

security advisory critical software update Fedora critical threat spamassassin SpamAssassin malicious configuration

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here