Ubuntu
pdns package

CVE-2015-1868

Bug #1450037 reported by Felix Geyer on 2015-04-29

258

This bug affects 1 person

	Status	Importance	Assigned to
pdns (Ubuntu)	Fix Released	Undecided	Unassigned
Trusty	Fix Released	Undecided	Unassigned
Utopic	Fix Released	Undecided	Unassigned
Vivid	Fix Released	Undecided	Unassigned

Bug Description

pdns is vulnerable to a label decompression bug can cause crashes on specific platforms:
https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/

Related branches

lp:ubuntu/vivid-security/pdns

lp:ubuntu/trusty-security/pdns

CVE References

2015-1868

Revision history for this message

Felix Geyer (debfx) wrote on 2015-04-29:

debdiffs follow.
precise is not affected (only version 3.2 and up).

Revision history for this message

Felix Geyer (debfx) wrote on 2015-04-29:

pdns_3.3-2ubuntu0.1.debdiff Edit (2.4 KiB, text/plain)

Revision history for this message

Felix Geyer (debfx) wrote on 2015-04-29:

pdns_3.3.1-4ubuntu0.1.debdiff Edit (2.4 KiB, text/plain)

Revision history for this message

Felix Geyer (debfx) wrote on 2015-04-29:

pdns_3.4.1-4ubuntu0.1.debdiff Edit (2.4 KiB, text/plain)

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2015-04-30:

ACK on the debdiffs. They look good.

Packages are building now and will be released later on today.

Thanks!

Changed in pdns (Ubuntu Trusty):
status:	New → Fix Committed
Changed in pdns (Ubuntu Utopic):
status:	New → Fix Committed
Changed in pdns (Ubuntu Vivid):
status:	New → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-04-30:

This bug was fixed in the package pdns - 3.3-2ubuntu0.1

---------------
pdns (3.3-2ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: label decompression bug (LP: #1450037)
    - debian/patches/CVE-2015-1868: apply upstream fix
    - CVE-2015-1868

-- Felix Geyer <email address hidden> Wed, 29 Apr 2015 15:27:51 +0200

Changed in pdns (Ubuntu Trusty):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-04-30:

This bug was fixed in the package pdns - 3.3.1-4ubuntu0.1

---------------
pdns (3.3.1-4ubuntu0.1) utopic-security; urgency=medium

  * SECURITY UPDATE: label decompression bug (LP: #1450037)
    - debian/patches/CVE-2015-1868: apply upstream fix
    - CVE-2015-1868

-- Felix Geyer <email address hidden> Wed, 29 Apr 2015 16:21:06 +0200

Changed in pdns (Ubuntu Utopic):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-04-30:

This bug was fixed in the package pdns - 3.4.1-4ubuntu0.1

---------------
pdns (3.4.1-4ubuntu0.1) vivid-security; urgency=medium

  * SECURITY UPDATE: label decompression bug (LP: #1450037)
    - debian/patches/CVE-2015-1868: apply upstream fix
    - CVE-2015-1868

-- Felix Geyer <email address hidden> Wed, 29 Apr 2015 16:19:01 +0200

Changed in pdns (Ubuntu Vivid):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntupdns package

CVE-2015-1868

Bug Description

Related branches

CVE References

Other bug subscribers

Patches

Remote bug watches

Ubuntu
pdns package