Fedora 36: FEDORA-2021-bb9738d885 High: Libfoo Memory Leak

libspf2 is an implementation of the SPF (Sender Policy Framework)

specification as found at:

https://www.ietf.org/archive/id/draft-mengwong-spf-00.txt

SPF allows email systems to check SPF DNS records and make sure that

an email is authorized by the administrator of the domain name that

it is coming from. This prevents email forgery, commonly used by

spammers, scammers, and email viruses/worms.

A lot of effort has been put into making it secure by design, and a

great deal of effort has been put into the regression tests.

Update to latest in git.

* Wed Sep 22 2021 Bojan Smojver - 1.2.11-1.20210922git4915c308

- Build latest upstream git HEAD

- CVE-2021-20314

[ 1 ] Bug #1993071 - CVE-2021-20314 libspf2: stack buffer overflow when processing SPF explanation macros [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1993071

[ 2 ] Bug #1993072 - CVE-2021-20314 libspf2: stack buffer overflow when processing SPF explanation macros [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1993072

su -c 'dnf upgrade --advisory FEDORA-2021-aa8637c985' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure