Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2021:4315

Опубликовано: 09 нояб. 2021
Источник: rocky
Оценка: Moderate

Описание

Moderate: spamassassin security update

The SpamAssassin tool provides a way to reduce unsolicited commercial email (spam) from incoming email.

Security Fix(es):

  • spamassassin: Malicious rule configuration files can be configured to run system commands (CVE-2020-1946)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
spamassassinx86_644.el8spamassassin-3.4.4-4.el8.x86_64.rpm

Показывать по

Связанные CVE

CVE-2020-1946

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2020-1946

CVSS3: 9.8
ubuntu
больше 4 лет назад

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.

redhat логотип

CVE-2020-1946

CVSS3: 7.8
redhat
больше 4 лет назад

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.

nvd логотип

CVE-2020-1946

CVSS3: 9.8
nvd
больше 4 лет назад

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.

debian логотип

CVE-2020-1946

CVSS3: 9.8
debian
больше 4 лет назад

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf ...

github логотип

GHSA-qmmx-pr2m-q429

CVSS3: 9.8
github
больше 3 лет назад

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.