{"id":"MGASA-2019-0406","summary":"Updated spamassassin packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities:\n\nIn Apache SpamAssassin before 3.4.3, nefarious CF files can be configured\nto run system commands without any output or errors. With this, exploits\ncan be injected in a number of scenarios. In addition to upgrading to SA\n3.4.3, we recommend that users should only use update channels or 3rdparty\n.cf files from trusted places. (CVE-2018-11805)\n\nIn Apache SpamAssassin before 3.4.3, a message can be crafted in a way to\nuse excessive resources. Upgrading to SA 3.4.3 as soon as possible is the\nrecommended fix but details will not be shared publicly. (CVE-2019-12420)\n","modified":"2026-04-16T04:42:02.097751113Z","published":"2019-12-24T12:24:34Z","upstream":["CVE-2018-11805","CVE-2019-12420"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0406.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25860"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2019/12/12/1"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2019/12/12/2"},{"type":"WEB","url":"https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"},{"type":"WEB","url":"https://www.debian.org/security/2019/dsa-4584"}],"affected":[{"package":{"name":"spamassassin","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/spamassassin?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.3-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0406.json"}},{"package":{"name":"spamassassin-rules","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/spamassassin-rules?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.3-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0406.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}