漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
It was discovered that the ldns-keygen tool incorrectly set permissions on private keys.
It was discovered that ldns incorrectly handled memory when processing data.
漏洞危害
A local attacker could possibly use this issue to obtain generated private keys. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-3209)
A remote attacker could use this issue to cause ldns to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-1000231, CVE-2017-1000232)
解决方案
Refer to Ubuntu advisory USN-3491-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3491-1: 16.04 (Xenial) on src (libldns1)
USN-3491-1: 17.10 (artful) on src (libldns2)
0daybank
文章评论