First published: Mon Sep 11 2023
Jianjun Chen, Vern Paxson and Jian Jiang discovered that OpenDMARC incorrectly handled certain inputs. If a user or an automated system were tricked into receiving crafted inputs, an attacker could possibly use this to falsify the domain of an e-mail's origin. (CVE-2020-12272)
Patrik Lantz discovered that OpenDMARC incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2020-12460)
Affected Software | Ubuntu Release | Affected Version | How to fix |
---|---|---|---|
ubuntu/libopendmarc2 | 20.04 | <1.3.2-7ubuntu0.1 | 1.3.2-7ubuntu0.1 |
ubuntu/opendmarc | 20.04 | <1.3.2-7ubuntu0.1 | 1.3.2-7ubuntu0.1 |
ubuntu/libopendmarc2 | 18.04 | <1.3.2-3ubuntu0.2 | 1.3.2-3ubuntu0.2 |
ubuntu/opendmarc | 18.04 | <1.3.2-3ubuntu0.2 | 1.3.2-3ubuntu0.2 |
ubuntu/libopendmarc2 | 16.04 | <1.3.1+dfsg-3ubuntu0.1~esm1 | 1.3.1+dfsg-3ubuntu0.1~esm1 |
ubuntu/opendmarc | 16.04 | <1.3.1+dfsg-3ubuntu0.1~esm1 | 1.3.1+dfsg-3ubuntu0.1~esm1 |
The severity of USN-6356-1 is medium.
OpenDMARC incorrectly handles certain inputs in USN-6356-1.
If a user or an automated system receives crafted inputs, an attacker could falsify the domain of an email's origin.
The software versions affected by USN-6356-1 are libopendmarc2 1.3.2-7ubuntu0.1, opendmarc 1.3.2-7ubuntu0.1, libopendmarc2 1.3.2-3ubuntu0.2, opendmarc 1.3.2-3ubuntu0.2, libopendmarc2 1.3.1+dfsg-3ubuntu0.1~esm1, and opendmarc 1.3.1+dfsg-3ubuntu0.1~esm1.
To fix the vulnerability in USN-6356-1, update the libopendmarc2 and opendmarc packages to the specified versions.