UbuntuUpdates.org

Package "libldns2"

Name: libldns2

Description:

ldns library for DNS programming

Latest version: 1.7.0-3ubuntu4.1
Release: bionic (18.04)
Level: updates
Repository: main
Head package: ldns

Links


Download "libldns2"


Other versions of "libldns2" in Bionic

Repository Area Version
base main 1.7.0-3ubuntu4
security main 1.7.0-3ubuntu4.1

Changelog

Version: 1.7.0-3ubuntu4.1 2022-01-31 16:06:24 UTC

  ldns (1.7.0-3ubuntu4.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap out of bounds read
    - debian/patches/CVE-2020-19860-*.patch: fix it
      adding more checks in rr.c.
    - CVE-2020-19860
  * SECURITY UPDATE: Heap out of bounds read
    - debian/patches/CVE-2020-19861.patch: fix it in
      dnssec.c.
    - CVE-2020-19861

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 25 Jan 2022 11:31:38 -0300

CVE-2020-19860 When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can
CVE-2020-19861 When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the



About   -   Send Feedback to @ubuntu_updates