libspf2: Multiple vulnerabilities — GLSA 202401-22

Multiple vulnerabilities have been discovered in libspf2, the worst of which can lead to remote code execution.

Affected packages

mail-filter/libspf2 on all architectures
Affected versions < 1.2.11
Unaffected versions >= 1.2.11

Background

libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from.

Description

Multiple vulnerabilities have been discovered in libspf2. Please review the CVE identifiers referenced below for details.

Impact

Various buffer overflows have been identified that can lead to denial of service and possibly arbitrary code execution.

Workaround

There is no known workaround at this time.

Resolution

All libspf2 users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=mail-filter/libspf2-1.2.11"
 

References

Release date
January 15, 2024

Latest revision
January 15, 2024: 1

Severity
normal

Exploitable
remote

Bugzilla entries