Headline
Ubuntu Security Notice USN-6584-2
Ubuntu Security Notice 6584-2 - USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 andCVE-2021-33913 in Ubuntu 16.04 LTS. Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
==========================================================================
Ubuntu Security Notice USN-6584-2
February 21, 2024
libspf2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Libspf2.
Software Description:
- libspf2: Sender Policy Framework for SMTP authorization
Details:
USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. This update provides the corresponding updates for
CVE-2021-33912 and CVE-2021-33913 in Ubuntu 16.04 LTS.
We apologize for the inconvenience.
Original advisory details:
Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled
certain inputs. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. (CVE-2021-20314)
It was discovered that Libspf2 incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file, a
remote attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2021-33912, CVE-2021-33913)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
libmail-spf-xs-perl 1.2.10-6ubuntu0.1~esm2
libspf2-2 1.2.10-6ubuntu0.1~esm2
libspf2-dev 1.2.10-6ubuntu0.1~esm2
spfquery 1.2.10-6ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6584-2
https://ubuntu.com/security/notices/USN-6584-1
CVE-2021-33912, CVE-2021-33913
Related news
Gentoo Linux Security Advisory 202401-22 - Multiple vulnerabilities have been discovered in libspf2, the worst of which can lead to remote code execution. Versions greater than or equal to 1.2.11 are affected.
Gentoo Linux Security Advisory 202401-22 - Multiple vulnerabilities have been discovered in libspf2, the worst of which can lead to remote code execution. Versions greater than or equal to 1.2.11 are affected.
Gentoo Linux Security Advisory 202401-22 - Multiple vulnerabilities have been discovered in libspf2, the worst of which can lead to remote code execution. Versions greater than or equal to 1.2.11 are affected.
Ubuntu Security Notice 6584-1 - Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Ubuntu Security Notice 6584-1 - Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Ubuntu Security Notice 6584-1 - Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.