(RHSA-2020:4625) Moderate: spamassassin security update

2020-11-0312:21:29

access.redhat.com

0.009 Low

EPSS

Percentile

82.4%

JSON

The SpamAssassin tool provides a way to reduce unsolicited commercial email (spam) from incoming email.

Security Fix(es):

spamassassin: crafted configuration files can run system commands without any output or errors (CVE-2018-11805)
spamassassin: crafted email message can lead to DoS (CVE-2019-12420)
spamassassin: command injection via crafted configuration file (CVE-2020-1930)
spamassassin: command injection via crafted configuration file (CVE-2020-1931)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8s390xspamassassin-debuginfo< 3.4.2-10.el8spamassassin-debuginfo-3.4.2-10.el8.s390x.rpm
RedHat8ppc64lespamassassin< 3.4.2-10.el8spamassassin-3.4.2-10.el8.ppc64le.rpm
RedHat8x86_64spamassassin< 3.4.2-10.el8spamassassin-3.4.2-10.el8.x86_64.rpm
RedHat8aarch64spamassassin-debugsource< 3.4.2-10.el8spamassassin-debugsource-3.4.2-10.el8.aarch64.rpm
RedHat8s390xspamassassin< 3.4.2-10.el8spamassassin-3.4.2-10.el8.s390x.rpm
RedHat8s390xspamassassin-debugsource< 3.4.2-10.el8spamassassin-debugsource-3.4.2-10.el8.s390x.rpm
RedHat8ppc64lespamassassin-debuginfo< 3.4.2-10.el8spamassassin-debuginfo-3.4.2-10.el8.ppc64le.rpm
RedHat8x86_64spamassassin-debuginfo< 3.4.2-10.el8spamassassin-debuginfo-3.4.2-10.el8.x86_64.rpm
RedHat8ppc64lespamassassin-debugsource< 3.4.2-10.el8spamassassin-debugsource-3.4.2-10.el8.ppc64le.rpm
RedHat8x86_64spamassassin-debugsource< 3.4.2-10.el8spamassassin-debugsource-3.4.2-10.el8.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	s390x	spamassassin-debuginfo	< 3.4.2-10.el8	spamassassin-debuginfo-3.4.2-10.el8.s390x.rpm
RedHat	8	ppc64le	spamassassin	< 3.4.2-10.el8	spamassassin-3.4.2-10.el8.ppc64le.rpm
RedHat	8	x86_64	spamassassin	< 3.4.2-10.el8	spamassassin-3.4.2-10.el8.x86_64.rpm
RedHat	8	aarch64	spamassassin-debugsource	< 3.4.2-10.el8	spamassassin-debugsource-3.4.2-10.el8.aarch64.rpm
RedHat	8	s390x	spamassassin	< 3.4.2-10.el8	spamassassin-3.4.2-10.el8.s390x.rpm
RedHat	8	s390x	spamassassin-debugsource	< 3.4.2-10.el8	spamassassin-debugsource-3.4.2-10.el8.s390x.rpm
RedHat	8	ppc64le	spamassassin-debuginfo	< 3.4.2-10.el8	spamassassin-debuginfo-3.4.2-10.el8.ppc64le.rpm
RedHat	8	x86_64	spamassassin-debuginfo	< 3.4.2-10.el8	spamassassin-debuginfo-3.4.2-10.el8.x86_64.rpm
RedHat	8	ppc64le	spamassassin-debugsource	< 3.4.2-10.el8	spamassassin-debugsource-3.4.2-10.el8.ppc64le.rpm
RedHat	8	x86_64	spamassassin-debugsource	< 3.4.2-10.el8	spamassassin-debugsource-3.4.2-10.el8.x86_64.rpm