group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1773720] Re: CVE-2017-15105

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1773720@xxxxxxxxxxxxxxxxxx>
Date: Thu, 07 Jun 2018 22:13:12 -0000
Reply-to: Bug 1773720 <1773720@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package unbound - 1.5.8-1ubuntu1.1

---------------
unbound (1.5.8-1ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: vulnerability in the processing of wildcard
    synthesized NSEC records (LP: #1773720)
    - debian/patches/CVE-2017-15105.patch
    - CVE-2017-15105
  * Fix install of trust anchor when two anchors are present
    - debian/patches/unbound-r4302.patch

 -- Simon Deziel <simon@xxxxxxxxxxxx>  Mon, 28 May 2018 02:38:19 +0000

** Changed in: unbound (Ubuntu Xenial)
       Status: New => Fix Released

** Changed in: unbound (Ubuntu Artful)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1773720

Title:
  CVE-2017-15105

Status in unbound package in Ubuntu:
  Fix Released
Status in unbound source package in Xenial:
  Fix Released
Status in unbound source package in Artful:
  Fix Released
Status in unbound source package in Bionic:
  Fix Released

Bug description:
  A flaw was found in the way unbound before 1.6.8 validated wildcard-
  synthesized NSEC records. An improperly validated wildcard NSEC record
  could be used to prove the non-existence (NXDOMAIN answer) of an
  existing wildcard record, or trick unbound into accepting a NODATA
  proof.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1773720/+subscriptions