CVE-2014-3209 Ubuntu Security Notification for Ldns Vulnerabilities (USN-3491-1)

漏洞类别:Ubuntu

漏洞等级:

漏洞信息

It was discovered that the ldns-keygen tool incorrectly set permissions on private keys.

It was discovered that ldns incorrectly handled memory when processing data.

漏洞危害

A local attacker could possibly use this issue to obtain generated private keys. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-3209)

A remote attacker could use this issue to cause ldns to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-1000231, CVE-2017-1000232)

解决方案

Refer to Ubuntu advisory USN-3491-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3491-1: 16.04 (Xenial) on src (libldns1)

USN-3491-1: 17.10 (artful) on src (libldns2)

USN-3491-1: 17.04 (zesty) on src (libldns2)

USN-3491-1: 14.04 (Kylin) on src (libldns1)

Leave a Reply