Headline
Ubuntu Security Notice USN-6584-1
Ubuntu Security Notice 6584-1 - Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
==========================================================================
Ubuntu Security Notice USN-6584-1
January 15, 2024
libspf2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in Libspf2.
Software Description:
- libspf2: Sender Policy Framework for SMTP authorization
Details:
Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled
certain inputs. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. (CVE-2021-20314)
It was discovered that Libspf2 incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file, a
remote attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2021-33912, CVE-2021-33913)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
libmail-spf-xs-perl 1.2.10-7+deb9u2build0.20.04.1
libspf2-2 1.2.10-7+deb9u2build0.20.04.1
libspf2-dev 1.2.10-7+deb9u2build0.20.04.1
spfquery 1.2.10-7+deb9u2build0.20.04.1
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
libmail-spf-xs-perl 1.2.10-7ubuntu0.18.04.1~esm1
libspf2-2 1.2.10-7ubuntu0.18.04.1~esm1
libspf2-dev 1.2.10-7ubuntu0.18.04.1~esm1
spfquery 1.2.10-7ubuntu0.18.04.1~esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
libmail-spf-xs-perl 1.2.10-6ubuntu0.1~esm1
libspf2-2 1.2.10-6ubuntu0.1~esm1
libspf2-dev 1.2.10-6ubuntu0.1~esm1
spfquery 1.2.10-6ubuntu0.1~esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6584-1
CVE-2021-20314, CVE-2021-33912, CVE-2021-33913
Package Information:
https://launchpad.net/ubuntu/+source/libspf2/1.2.10-7+deb9u2build0.20.04.1
Related news
Ubuntu Security Notice 6584-2 - USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 andCVE-2021-33913 in Ubuntu 16.04 LTS. Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Gentoo Linux Security Advisory 202401-22 - Multiple vulnerabilities have been discovered in libspf2, the worst of which can lead to remote code execution. Versions greater than or equal to 1.2.11 are affected.
Gentoo Linux Security Advisory 202401-22 - Multiple vulnerabilities have been discovered in libspf2, the worst of which can lead to remote code execution. Versions greater than or equal to 1.2.11 are affected.
Gentoo Linux Security Advisory 202401-22 - Multiple vulnerabilities have been discovered in libspf2, the worst of which can lead to remote code execution. Versions greater than or equal to 1.2.11 are affected.