Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Fedora 33 libspf2: FEDORA-2021-044be3d54e Moderate Buffer Overflow Risk

fedora
Calendar Grey September 29, 2021
Dist Fedora Esm H88
Attention users: A critical update has been released for libspf2 to address security vulnerabilities, notably a buffer overflow, which fortifies email security within the Fedora environment.
Update to latest in git.

Summary

libspf2 is an implementation of the SPF (Sender Policy Framework)

specification as found at:

https://www.ietf.org/archive/id/draft-mengwong-spf-00.txt

SPF allows email systems to check SPF DNS records and make sure that

an email is authorized by the administrator of the domain name that

it is coming from. This prevents email forgery, commonly used by

spammers, scammers, and email viruses/worms.

A lot of effort has been put into making it secure by design, and a

great deal of effort has been put into the regression tests.

Update to latest in git.

* Wed Sep 22 2021 Bojan Smojver - 1.2.11-1.20210922git4915c308

- Build latest upstream git HEAD

- CVE-2021-20314

* Thu Jul 22 2021 Fedora Release Engineering - 1.2.10-30.20150405gitd57d79fd

- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

* Fri May 21 2021 Jitka Plesnikova - 1.2.10-29.20150405gitd57d79fd

- Perl 5.34 rebuild

* Tue Jan 26 2021 Fedora Release Engineering - 1.2.10-28.20150405gitd57d79fd

- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

[ 1 ] Bug #1993071 - CVE-2021-20314 libspf2: stack buffer overflow when processing SPF explanation macros [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1993071

[ 2 ] Bug #1993072 - CVE-2021-20314 libspf2: stack buffer overflow when processing SPF explanation macros [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1993072

su -c 'dnf upgrade --advisory FEDORA-2021-044be3d54e' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora update notification libspf2 email fraud prevention

Change Log

References

Update Instructions

Product: Fedora 33
Version: 1.2.11
Release: 1.20210922git4915c308.fc33
URL: Summary : An implementation of the SPF specification

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora update notification libspf2 email fraud prevention

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here