Headline
Gentoo Linux Security Advisory 202401-22
Gentoo Linux Security Advisory 202401-22 - Multiple vulnerabilities have been discovered in libspf2, the worst of which can lead to remote code execution. Versions greater than or equal to 1.2.11 are affected.
Gentoo Linux Security Advisory GLSA 202401-22
https://security.gentoo.org/
Severity: Normal
Title: libspf2: Multiple vulnerabilities
Date: January 15, 2024
Bugs: #807739
ID: 202401-22
Synopsis
Multiple vulnerabilities have been discovered in libspf2, the worst of
which can lead to remote code execution.
Background
libspf2 is a library that implements the Sender Policy Framework,
allowing mail transfer agents to make sure that an email is authorized
by the domain name that it is coming from.
Affected packages
Package Vulnerable Unaffected
mail-filter/libspf2 < 1.2.11 >= 1.2.11
Description
Multiple vulnerabilities have been discovered in libspf2. Please review
the CVE identifiers referenced below for details.
Impact
Various buffer overflows have been identified that can lead to denial of
service and possibly arbitrary code execution.
Workaround
There is no known workaround at this time.
Resolution
All libspf2 users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose “>=mail-filter/libspf2-1.2.11”
References
[ 1 ] CVE-2021-20314
https://nvd.nist.gov/vuln/detail/CVE-2021-20314
[ 2 ] CVE-2021-33912
https://nvd.nist.gov/vuln/detail/CVE-2021-33912
[ 3 ] CVE-2021-33913
https://nvd.nist.gov/vuln/detail/CVE-2021-33913
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202401-22
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Related news
Ubuntu Security Notice 6584-2 - USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 andCVE-2021-33913 in Ubuntu 16.04 LTS. Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 6584-1 - Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.