Ubuntu
pdns package

CVE-2015-1868

Bug #1450037 reported by Felix Geyer on 2015-04-29
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
pdns (Ubuntu)
Fix Released
Undecided
Unassigned
Trusty
Fix Released
Undecided
Unassigned
Utopic
Fix Released
Undecided
Unassigned
Vivid
Fix Released
Undecided
Unassigned
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

pdns is vulnerable to a label decompression bug can cause crashes on specific platforms:
https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/

Felix Geyer (debfx) wrote :

debdiffs follow.
precise is not affected (only version 3.2 and up).

Felix Geyer (debfx) wrote :
Felix Geyer (debfx) wrote :
Felix Geyer (debfx) wrote :
Marc Deslauriers (mdeslaur) wrote :

ACK on the debdiffs. They look good.

Packages are building now and will be released later on today.

Thanks!

Changed in pdns (Ubuntu Trusty):
status: New → Fix Committed
Changed in pdns (Ubuntu Utopic):
status: New → Fix Committed
Changed in pdns (Ubuntu Vivid):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pdns - 3.3-2ubuntu0.1

---------------
pdns (3.3-2ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: label decompression bug (LP: #1450037)
    - debian/patches/CVE-2015-1868: apply upstream fix
    - CVE-2015-1868

 -- Felix Geyer <email address hidden> Wed, 29 Apr 2015 15:27:51 +0200

Changed in pdns (Ubuntu Trusty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pdns - 3.3.1-4ubuntu0.1

---------------
pdns (3.3.1-4ubuntu0.1) utopic-security; urgency=medium

  * SECURITY UPDATE: label decompression bug (LP: #1450037)
    - debian/patches/CVE-2015-1868: apply upstream fix
    - CVE-2015-1868

 -- Felix Geyer <email address hidden> Wed, 29 Apr 2015 16:21:06 +0200

Changed in pdns (Ubuntu Utopic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pdns - 3.4.1-4ubuntu0.1

---------------
pdns (3.4.1-4ubuntu0.1) vivid-security; urgency=medium

  * SECURITY UPDATE: label decompression bug (LP: #1450037)
    - debian/patches/CVE-2015-1868: apply upstream fix
    - CVE-2015-1868

 -- Felix Geyer <email address hidden> Wed, 29 Apr 2015 16:19:01 +0200

Changed in pdns (Ubuntu Vivid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.
Subscribing...

Other bug subscribers