Endpoint Vulnerability

RHSA-2020:4625: spamassassin security update (Moderate)

Description

The SpamAssassin tool provides a way to reduce unsolicited commercial email (spam) from incoming email. Security Fix(es): * spamassassin: crafted configuration files can run system commands without any output or errors (CVE-2018-11805) * spamassassin: crafted email message can lead to DoS (CVE-2019-12420) * spamassassin: command injection via crafted configuration file (CVE-2020-1930) * spamassassin: command injection via crafted configuration file (CVE-2020-1931) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Affected Products

spamassassin