MGASA-2021-0182 - Updated spamassassin packages fix security vulnerability Publication date: 12 Apr 2021 URL: https://advisories.mageia.org/MGASA-2021-0182.html Type: security Affected Mageia releases: 7, 8 CVE: CVE-2020-1946 In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places. (CVE-2020-1946) References: - https://bugs.mageia.org/show_bug.cgi?id=28673 - https://spamassassin.apache.org/news.html - https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.5.txt - https://www.openwall.com/lists/oss-security/2021/03/24/3 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1946 SRPMS: - 7/core/spamassassin-3.4.5-1.mga7 - 7/core/spamassassin-rules-3.4.5-1.mga7 - 8/core/spamassassin-3.4.5-1.mga8 - 8/core/spamassassin-rules-3.4.5-1.mga8
Mageia 2021-0182: spamassassin security update
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors
Summary
CVE: CVE-2020-1946
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files
can be configured to run system commands without any output or errors. With
this, exploits can be injected in a number of scenarios. In addition to upgrading
to SA version 3.4.5, users should only use update channels or 3rd party .cf
files from trusted places. (CVE-2020-1946)
Resolution
MGASA-2021-0182 - Updated spamassassin packages fix security vulnerability
References
- https://bugs.mageia.org/show_bug.cgi?id=28673
- https://spamassassin.apache.org/news.html
- https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.5.txt
- https://www.openwall.com/lists/oss-security/2021/03/24/3
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1946
Severity
Issued Date: 12 Apr 2021
URL: https://advisories.mageia.org/MGASA-2021-0182.html
Type: security
Affected Mageia releases: 7, 8
News
HOWTOs
Features
Secure Linux Hosting for Businesses
What Is Threat Intelligence?
CloudLinux Simplifies & Enhances Linux Security with its TuxCare Unified Enterprise Support Services
LinuxSecurity, Leading Provider of Linux Security News and Information, Unveils its New Website
Biden's New Executive Cybersecurity Order Highlights the Power of Open-Source Security
About Us
Powered By
