SECURITY: Fedora 34 Update: spamassassin-3.4.5-1.fc34
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-bf06dcffa8
2021-03-31 00:15:12.087364
--------------------------------------------------------------------------------
Name : spamassassin
Product : Fedora 34
Version : 3.4.5
Release : 1.fc34
URL : https://spamassassin.apache.org/
Summary : Spam filter for email which can be invoked from mail delivery agents
Description :
SpamAssassin provides you with a way to reduce if not completely eliminate
Unsolicited Commercial Email (SPAM) from your incoming email. It can
be invoked by a MDA such as sendmail or postfix, or can be called from
a procmail script, .forward file, etc. It uses a genetic-algorithm
evolved scoring system to identify messages which look spammy, then
adds headers to the message so they can be filtered by the user's mail
reading software. This distribution includes the spamd/spamc components
which create a server that considerably speeds processing of mail.
To enable spamassassin, if you are receiving mail locally, simply add
this line to your ~/.procmailrc:
INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc
To filter spam for all users, add that line to /etc/procmailrc
(creating if necessary).
--------------------------------------------------------------------------------
Update Information:
Upstream version 3.4.5. See http://mail-archives.apache.org/mod_mbox/www-
announce/202103.mbox/%3cd028983e-bad3-854b-ec9a-e8b0f922d627@apache.org%3e for
details. Fixes CVE-2020-1946
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 25 2021 Kevin Fenzi - 3.4.5-1
- Update to 3.4.5. Fixes rhbz#1942575
- Fixes CVE-2020-1946
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1862520 - request rebuild for F32; compile-time SSL lib update for 'spamc'
https://bugzilla.redhat.com/show_bug.cgi?id=1862520
[ 2 ] Bug #1943277 - CVE-2020-1946 spamassassin: Malicious rule configuration files can be configured to run system commands [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1943277
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-bf06dcffa8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
A spamassassin security update has been released for Fedora 34.