Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in ldns
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in ldns
ID: USN-3491-1
Distribution: Ubuntu
Plattformen: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.04, Ubuntu 17.10
Datum: Do, 23. November 2017, 00:15
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000231
Applikationen: ldns

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============7701820828200154311==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="5AKUhJIot6GltwFQAOGaIKTbcpXQxmOSa"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--5AKUhJIot6GltwFQAOGaIKTbcpXQxmOSa
Content-Type: multipart/mixed;
boundary="8Du1lNX9QvX9oDVjPRf12N614MWiNqSPQ";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <31cb5213-211d-b8a3-2bf9-28f71c7daa62@canonical.com>
Subject: [USN-3491-1] ldns vulnerabilities

--8Du1lNX9QvX9oDVjPRf12N614MWiNqSPQ
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3491-1
November 22, 2017

ldns vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in ldns.

Software Description:
- ldns: ldns library for DNS programming

Details:

Leon Weber discovered that the ldns-keygen tool incorrectly set permissions
on private keys. A local attacker could possibly use this issue to obtain
generated private keys. This issue only applied to Ubuntu 14.04 LTS.
(CVE-2014-3209)

Stephan Zeisberg discovered that ldns incorrectly handled memory when
processing data. A remote attacker could use this issue to cause ldns to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2017-1000231, CVE-2017-1000232)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
libldns2 1.7.0-1ubuntu1.17.10.1

Ubuntu 17.04:
libldns2 1.7.0-1ubuntu1.17.04.1

Ubuntu 16.04 LTS:
libldns1 1.6.17-8ubuntu0.1

Ubuntu 14.04 LTS:
libldns1 1.6.17-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://www.ubuntu.com/usn/usn-3491-1
CVE-2014-3209, CVE-2017-1000231, CVE-2017-1000232

Package Information:
https://launchpad.net/ubuntu/+source/ldns/1.7.0-1ubuntu1.17.10.1
https://launchpad.net/ubuntu/+source/ldns/1.7.0-1ubuntu1.17.04.1
https://launchpad.net/ubuntu/+source/ldns/1.6.17-8ubuntu0.1
https://launchpad.net/ubuntu/+source/ldns/1.6.17-1ubuntu0.1



--8Du1lNX9QvX9oDVjPRf12N614MWiNqSPQ--

--5AKUhJIot6GltwFQAOGaIKTbcpXQxmOSa
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJaFeUUAAoJEGVp2FWnRL6T/U0QALjNKO8O6aKT8S/flTC3EtIe
xnUhDhqWH5xhXZWz1FSrO643Xqof+BoMNHoKcV3lz5obu3dFPK7WonX+W67pEM8q
EhKhltbjKhFAcQn9RXkLsiPC9XxrI6GSgGvn1lcab3lQn93Q1tfcEXEFF7XA+m7U
EmJcynfMVF5eMIj6FCSOgJ4QKEERrqJC5HOnQq9z8rxDCIpa7XDeDVJ/chF8S+2T
6DScARaBT2V7yMN2eTT++hW5cJvukF0MO52ELEmQs0OZssN+MmXe59q9hLYCOjxb
1Tq28x4EALPbUIBrRJYGKW0KXfgqD3EX4GcTniWrLpg5D0g/o9TqOxmWbGMjbas1
+1lKi5ZweKZN5PsycByzWEW3936dcFKyE8csMr9xVXaaBaGN4MaUJo25hvUlv2Z9
sEvi1s7Mzp+v2SS/gj49SvxSXj62YBmb5bpCP/scUo4vkRwE1eBFSChinog8exGi
SUo4NR+NIiBZ+9uh/9l8f04OXvUSIoFgvrj23GYwuibX7lUwHy77syPHefHxEElu
SzR8Zy5pORI8PLcQz1VakHQNSGwxwnJ0M7EAKD8UOZGkCLTcAsjAesEXa2ixSeJG
lOaj/bPp4kAnk9HR8RcMHNs1wqkrHThkDAMNr6zQrfjo0/QXlcPkseQNtFVu7U8i
Mw5s/JT5odIUXQgWD8Hf
=FMBt
-----END PGP SIGNATURE-----

--5AKUhJIot6GltwFQAOGaIKTbcpXQxmOSa--


--===============7701820828200154311==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============7701820828200154311==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung