It was discovered that the ldns-keygen tool incorrectly set permissions on private keys.
It was discovered that ldns incorrectly handled memory when processing data.
A local attacker could possibly use this issue to obtain generated private keys. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-3209)
A remote attacker could use this issue to cause ldns to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-1000231, CVE-2017-1000232)
Refer to Ubuntu advisory USN-3491-1 for affected packages and patching details, or update with your package manager.
Following are links for downloading patches to fix the vulnerabilities: