-------------------------------------------------------------------------
Debian LTS Advisory DLA-3680-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Tobias Frost
December 03, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : opendkim
Version        : 2.11.0~alpha-12+deb10u1
CVE ID         : CVE-2022-48521
Debian Bug     : 1041107

An issue (CVE-2022-48521) was discovered in OpenDKIM through 2.10.3, and
2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers
when removing fake Authentication-Results header fields, which allows a
remote attacker to craft an e-mail message with a fake sender address
such that programs that rely on Authentication-Results from OpenDKIM
will treat the message as having a valid DKIM signature when in fact it
has none.

For Debian 10 buster, this problem has been fixed in version
2.11.0~alpha-12+deb10u1.

We recommend that you upgrade your opendkim packages.

For the detailed security status of opendkim please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/opendkim

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
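
The check below is an added example, not part of the advisory: it compares the installed opendkim package with the fixed version named above, letting dpkg do the comparison because the "~alpha" and "+deb10u1" parts sort by Debian's own rules. It assumes a Debian 10 buster host; the function and variable names are illustrative.

```shell
#!/bin/sh
# Added example: check the installed opendkim package against DLA-3680-1.
# Assumption: the host runs Debian 10 buster; other releases have their
# own fixed versions (see the security tracker page for opendkim).

FIXED_VERSION='2.11.0~alpha-12+deb10u1'   # fixed version from the advisory

# Print the installed opendkim version, or nothing if it is not installed.
installed_opendkim_version() {
    dpkg-query -W -f='${Version}' opendkim 2>/dev/null || true
}

# Classify a version string: prints not-installed, fixed or vulnerable.
# A plain string comparison would get "~" and "+deb10u1" wrong, so the
# ordering is delegated to dpkg --compare-versions.
opendkim_status() {
    if [ -z "$1" ]; then
        echo not-installed
    elif dpkg --compare-versions "$1" ge "$FIXED_VERSION"; then
        echo fixed
    else
        echo vulnerable
    fi
}

version=$(installed_opendkim_version)
status=$(opendkim_status "$version")
echo "opendkim ${version:-(none)}: $status"
if [ "$status" = vulnerable ]; then
    echo "upgrade with: apt-get update && apt-get install --only-upgrade opendkim" >&2
fi
```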