-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-6ed251c42b 2018-09-29 23:56:16.096340 --------------------------------------------------------------------------------
Name : spamassassin Product : Fedora 27 Version : 3.4.2 Release : 2.fc27 URL : https://spamassassin.apache.org/ Summary : Spam filter for email which can be invoked from mail delivery agents Description : SpamAssassin provides you with a way to reduce if not completely eliminate Unsolicited Commercial Email (SPAM) from your incoming email. It can be invoked by a MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm evolved scoring system to identify messages which look spammy, then adds headers to the message so they can be filtered by the user's mail reading software. This distribution includes the spamd/spamc components which create a server that considerably speeds processing of mail.
To enable spamassassin, if you are receiving mail locally, simply add this line to your ~/.procmailrc: INCLUDERC=/etc/mail/spamassassin/spamassassin-default.rc
To filter spam for all users, add that line to /etc/procmailrc (creating if necessary).
-------------------------------------------------------------------------------- Update Information:
Fixed some small bugs in the previous package: Initial rules now have the correct version, sought channel config is dropped (since it doesn't exist anymore) and build / runtime deps adjusted. ---- Update to 3.4.2. Fixes CVE-2017-15705, CVE-2018-11780 and CVE-2018-11781 along with many other bugfixes and improvements. See https://www.mail- archive.com/announce@apache.org/msg04823.html for more information. -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 20 2018 Kevin Fenzi kevin@scrye.com - 3.4.2-2 - Misc small bug fixes and cleanups. * Sun Sep 16 2018 Kevin Fenzi kevin@scrye.com - 3.4.2-1 - Update to 3.4.2 - Fixes: CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781 * Mon Jul 23 2018 Jaroslav ��karvada jskarvad@redhat.com - 3.4.1-25 - perl-Razor-Agent and perl-Net-Patricia not used on RHEL * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 3.4.1-24 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Tue Jul 10 2018 Tomas Korbar tkorbar@redhat.com - 3.4.1-23 - Fix daemonize subroutine - See https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7594 * Fri Jun 29 2018 Jitka Plesnikova jplesnik@redhat.com - 3.4.1-22 - Perl 5.28 rebuild * Wed Jun 20 2018 Kevin Fenzi kevin@scrye.com - 3.4.1-21 - Conditionalize Requires for /sbin/service and /sbin/chkconfig. Fixes bug #1592390 * Thu Jun 7 2018 Tomas Korbar tomas.korb@seznam.cz - 3.4.1-20 - Add razor log path and home directory option * Tue Apr 10 2018 Rafael Santos rdossant@redhat.com - 3.4.1-19 - Use standard Fedora linker flags (bug #1548561) * Fri Feb 9 2018 Fedora Release Engineering releng@fedoraproject.org - 3.4.1-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Mon Oct 23 2017 Kevin Fenzi kevin@scrye.com - 3.4.1-17 - Add upstream patch to stop sa-learn warnings. Fixes bug #1505317 - Add upstream patch to stop DNS warnings. Fixes bug #1364932 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1629537 - CVE-2018-11781 spamassassin: Local user code injection in the meta rule syntax [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1629537 [ 2 ] Bug #1629534 - CVE-2018-11780 spamassassin: Potential remote code execution vulnerability in PDFInfo plugin [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1629534 [ 3 ] Bug #1629522 - CVE-2017-15705 spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and resulting denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1629522 [ 4 ] Bug #1629491 - SpamAssassin 3.4.2 released with CVE disclosure https://bugzilla.redhat.com/show_bug.cgi?id=1629491 [ 5 ] Bug #1590592 - Need spamassassin release with patch for bug 7208 included https://bugzilla.redhat.com/show_bug.cgi?id=1590592 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-6ed251c42b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------