An opendkim security update has been released for Debian GNU/Linux 9 Extended LTS to address an issue that allowed a remote attacker to craft an e-mail message with a fake sender address.
ELA-1017-1 opendkim security update
Package : opendkim
Version : 2.11.0~alpha-10+deb9u2 (stretch)
Related CVEs :
CVE-2022-48521
CVE-2022-48521:
An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely on Authentication-Results from OpenDKIM will treat the message as having a valid DKIM signature when in fact it has none.
