group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1773720] Re: CVE-2017-15105

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1773720@xxxxxxxxxxxxxxxxxx>
Date: Thu, 07 Jun 2018 22:16:10 -0000
Reply-to: Bug 1773720 <1773720@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package unbound - 1.6.5-1ubuntu0.2

---------------
unbound (1.6.5-1ubuntu0.2) artful-security; urgency=medium

  * SECURITY UPDATE: vulnerability in the processing of wildcard
    synthesized NSEC records (LP: #1773720)
    - debian/patches/CVE-2017-15105.patch
    - CVE-2017-15105

 -- Simon Deziel <simon@xxxxxxxxxxxx>  Mon, 28 May 2018 02:38:19 +0000

** Changed in: unbound (Ubuntu Bionic)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1773720

Title:
  CVE-2017-15105

Status in unbound package in Ubuntu:
  Fix Released
Status in unbound source package in Xenial:
  Fix Released
Status in unbound source package in Artful:
  Fix Released
Status in unbound source package in Bionic:
  Fix Released

Bug description:
  A flaw was found in the way unbound before 1.6.8 validated wildcard-
  synthesized NSEC records. An improperly validated wildcard NSEC record
  could be used to prove the non-existence (NXDOMAIN answer) of an
  existing wildcard record, or trick unbound into accepting a NODATA
  proof.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1773720/+subscriptions