USN-6584-1: Libspf2 vulnerabilities
15 January 2024
Several security issues were fixed in Libspf2.
Releases
Packages
- libspf2 - Sender Policy Framework for SMTP authorization
Details
Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled
certain inputs. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. (CVE-2021-20314)
It was discovered that Libspf2 incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file, a
remote attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2021-33912, CVE-2021-33913)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
-
libmail-spf-xs-perl
-
1.2.10-7+deb9u2build0.20.04.1
-
libspf2-2
-
1.2.10-7+deb9u2build0.20.04.1
-
libspf2-dev
-
1.2.10-7+deb9u2build0.20.04.1
-
spfquery
-
1.2.10-7+deb9u2build0.20.04.1
Ubuntu 18.04
-
libmail-spf-xs-perl
-
1.2.10-7ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
-
libspf2-2
-
1.2.10-7ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
-
libspf2-dev
-
1.2.10-7ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
-
spfquery
-
1.2.10-7ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
libmail-spf-xs-perl
-
1.2.10-6ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspf2-2
-
1.2.10-6ubuntu0.1~esm1
Available with Ubuntu Pro
-
libspf2-dev
-
1.2.10-6ubuntu0.1~esm1
Available with Ubuntu Pro
-
spfquery
-
1.2.10-6ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-6584-2: libmail-spf-xs-perl, libspf2-2, libspf2, spfquery, libspf2-dev