stable

adns-1.6.0-1.fc31

FEDORA-2020-e59bcaf702 created by sergiomb 4 years ago for Fedora 31

New upstream release * Important security fixes: CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9109: Vulnerable applications: all adns callers. Exploitable by: the local recursive resolver. Likely worst case: Remote code execution. CVE-2017-9106: Vulnerable applications: those that make SOA queries. Exploitable by: upstream DNS data sources. Likely worst case: DoS (crash of the adns-using application) CVE-2017-9107: Vulnerable applications: those that use adns_qf_quoteok_query. Exploitable by: sources of query domain names. Likely worst case: DoS (crash of the adns-using application) CVE-2017-9108: Vulnerable applications: adnshost. Exploitable by: code responsible for framing the input. Likely worst case: DoS (adnshost crashes at EOF). All found by AFL 2.35b. Thanks to the University of Cambridge Department of Applied Mathematics for computing facilities.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2020-e59bcaf702

This update has been submitted for testing by sergiomb.

4 years ago

This update's test gating status has been changed to 'ignored'.

4 years ago

This update's test gating status has been changed to 'waiting'.

4 years ago

This update's test gating status has been changed to 'ignored'.

4 years ago

This update has been pushed to testing.

4 years ago

This update can be pushed to stable now if the maintainer wishes

4 years ago

This update has been submitted for stable by bodhi.

4 years ago

This update has been pushed to stable.

4 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
4 years ago
in testing
4 years ago
in stable
4 years ago
BZ#1846479 adns-1.6.0 is available
0
0
BZ#1849772 CVE-2017-9105 adns: pointer corruption when a nameserver speaks first because of a wrong number of pointer dereferences
0
0
BZ#1849773 CVE-2017-9105 adns: pointer corruption when a nameserver speaks first because of a wrong number of pointer dereferences [fedora-all]
0
0
BZ#1849775 CVE-2017-9103 adns: pap_mailbox822 does not properly check st from adns__findlabel_next
0
0
BZ#1849776 CVE-2017-9103 adns: pap_mailbox822 does not properly check st from adns__findlabel_next [fedora-all]
0
0
BZ#1849777 CVE-2017-9104 adns: uncontrolled resource consumption when a compression pointer loop is encountered
0
0
BZ#1849778 CVE-2017-9104 adns: uncontrolled resource consumption when a compression pointer loop is encountered [fedora-all]
0
0
BZ#1849779 CVE-2017-9109 adns: out-of-bounds access when handling apparent answers
0
0
BZ#1849780 CVE-2017-9109 adns: out-of-bounds access when handling apparent answers [fedora-all]
0
0
BZ#1849782 CVE-2017-9106 adns: lack of check for out-of-range integers values can lead to out-of-bounds access
0
0
BZ#1849783 CVE-2017-9106 adns: lack of check for out-of-range integers values can lead to out-of-bounds access [fedora-all]
0
0
BZ#1849784 CVE-2017-9107 adns: out-of-bounds read when a domain ends with backslash
0
0
BZ#1849785 CVE-2017-9107 adns: out-of-bounds read when a domain ends with backslash [fedora-all]
0
0
BZ#1849787 CVE-2017-9108 adns: improper handling of a missing final newline on a stdin read
0
0
BZ#1849788 CVE-2017-9108 adns: improper handling of a missing final newline on a stdin read [fedora-all]
0
0

Automated Test Results