Date: Wed, 22 Oct 2008 12:21:04 -0500 (CDT) From: Jeffrey Goldberg <jeffrey@goldmark.org> To: FreeBSD-gnats-submit@FreeBSD.org Cc: security-officer@FreeBSD.org Subject: ports/128298: Security: mail/libspf2, mail/libspf2-10 buffer overflow Message-ID: <20081022172104.3829D2E005C@n118.ewd.goldmark.org> Resent-Message-ID: <200810221740.m9MHe1eR039911@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 128298
>Category: ports
>Synopsis: Security: mail/libspf2, mail/libspf2-10 buffer overflow
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 22 17:40:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Jeffrey Goldberg
>Release: FreeBSD 7.1-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD dobby.ewd.goldmark.org 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #20: Thu Sep 4 17:09:34 CDT 2008 root@dobby.ewd.goldmark.org:/usr/obj/usr/src/sys/DOBBY i386
>Description:
According to reports (I have not verified this personally), versions
of libspf2 prior to 1.2.8 are vulnerable to exploits of a buffer
overflow due to errors in how SPF records are parsed
http://www.doxpara.com/?page_id=1256
>How-To-Repeat:
>Fix:
Upgrade to libspf2 version 1.2.8
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081022172104.3829D2E005C>