USN-6584-2: Libspf2 vulnerabilities
21 February 2024
Several security issues were fixed in Libspf2.
Releases
Packages
- libspf2 - Sender Policy Framework for SMTP authorization
Details
USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. This update provides the corresponding updates for
CVE-2021-33912 and CVE-2021-33913 in Ubuntu 16.04 LTS.
We apologize for the inconvenience.
Original advisory details:
Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled
certain inputs. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. (CVE-2021-20314)
It was discovered that Libspf2 incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file, a
remote attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2021-33912, CVE-2021-33913)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
libmail-spf-xs-perl
-
1.2.10-6ubuntu0.1~esm2
Available with Ubuntu Pro
-
libspf2-2
-
1.2.10-6ubuntu0.1~esm2
Available with Ubuntu Pro
-
libspf2-dev
-
1.2.10-6ubuntu0.1~esm2
Available with Ubuntu Pro
-
spfquery
-
1.2.10-6ubuntu0.1~esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-6584-1: libmail-spf-xs-perl, spfquery, libspf2-dev, libspf2-2, libspf2