MGASA-2021-0182

Source
https://advisories.mageia.org/MGASA-2021-0182.html
Import Source
https://advisories.mageia.org/MGASA-2021-0182.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2021-0182
Published
2021-04-12T19:59:59Z
Modified
2021-04-12T18:57:43Z
Summary
Updated spamassassin packages fix security vulnerability
Details

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places. (CVE-2020-1946)


Affected packages

Mageia:8 / spamassassin

Package

Name
spamassassin
Purl
pkg:rpm/mageia/spamassassin?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.4.5-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / spamassassin-rules

Package

Name
spamassassin-rules
Purl
pkg:rpm/mageia/spamassassin-rules?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.4.5-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / spamassassin

Package

Name
spamassassin
Purl
pkg:rpm/mageia/spamassassin?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.4.5-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / spamassassin-rules

Package

Name
spamassassin-rules
Purl
pkg:rpm/mageia/spamassassin-rules?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.4.5-1.mga7

Ecosystem specific

{
    "section": "core"
}