CVE-2014-3209
Published: 15 November 2014
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.
Notes
Author | Note |
---|---|
mdeslaur | ldns-keygen is in the ldnsutils package in universe |
Priority
Status
Package | Release | Status |
---|---|---|
ldns Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(1.7.0-1ubuntu1)
|
lucid |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Released
(1.6.17-1ubuntu0.1)
|
|
upstream |
Released
(1.6.17-4)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Not vulnerable
(1.6.17-8)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Not vulnerable
(1.7.0-1ubuntu1)
|
|
Patches: upstream: https://git.nlnetlabs.nl/ldns/commit/?h=develop&id=169f38c1e25750f935838b670871056428977e6b |
||
Binaries built from this source package are in Universe and so are supported by the community. |