CVE-2015-1868

Bug #1450037 reported by Felix Geyer on 2015-04-29
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
pdns (Ubuntu)
Undecided
Unassigned
Trusty
Undecided
Unassigned
Utopic
Undecided
Unassigned
Vivid
Undecided
Unassigned

Bug Description

pdns is vulnerable to a label decompression bug can cause crashes on specific platforms:
https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/

Felix Geyer (debfx) wrote :

debdiffs follow.
precise is not affected (only version 3.2 and up).

Felix Geyer (debfx) wrote :
Felix Geyer (debfx) wrote :
Felix Geyer (debfx) wrote :
Marc Deslauriers (mdeslaur) wrote :

ACK on the debdiffs. They look good.

Packages are building now and will be released later on today.

Thanks!

Changed in pdns (Ubuntu Trusty):
status: New → Fix Committed
Changed in pdns (Ubuntu Utopic):
status: New → Fix Committed
Changed in pdns (Ubuntu Vivid):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pdns - 3.3-2ubuntu0.1

---------------
pdns (3.3-2ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: label decompression bug (LP: #1450037)
    - debian/patches/CVE-2015-1868: apply upstream fix
    - CVE-2015-1868

 -- Felix Geyer <email address hidden> Wed, 29 Apr 2015 15:27:51 +0200

Changed in pdns (Ubuntu Trusty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pdns - 3.3.1-4ubuntu0.1

---------------
pdns (3.3.1-4ubuntu0.1) utopic-security; urgency=medium

  * SECURITY UPDATE: label decompression bug (LP: #1450037)
    - debian/patches/CVE-2015-1868: apply upstream fix
    - CVE-2015-1868

 -- Felix Geyer <email address hidden> Wed, 29 Apr 2015 16:21:06 +0200

Changed in pdns (Ubuntu Utopic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package pdns - 3.4.1-4ubuntu0.1

---------------
pdns (3.4.1-4ubuntu0.1) vivid-security; urgency=medium

  * SECURITY UPDATE: label decompression bug (LP: #1450037)
    - debian/patches/CVE-2015-1868: apply upstream fix
    - CVE-2015-1868

 -- Felix Geyer <email address hidden> Wed, 29 Apr 2015 16:19:01 +0200

Changed in pdns (Ubuntu Vivid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers