Описание
Security update for ldns
This update for ldns fixes the following issues:
- CVE-2020-19860: Fixed heap-based out of bounds read when verifying a zone file (bsc#1195057).
- CVE-2020-19861: Fixed heap-based out of bounds read in ldns_nsec3_salt_data() (bsc#1195058).
Список пакетов
openSUSE Leap 15.3
ldns-1.7.0-4.6.1
ldns-devel-1.7.0-4.6.1
libldns2-1.7.0-4.6.1
perl-DNS-LDNS-1.7.0-4.6.1
python3-ldns-1.7.0-4.6.1
Ссылки
- E-Mail link for openSUSE-SU-2022:0675-1
- SUSE Security Ratings
- SUSE Bug 1195057
- SUSE Bug 1195058
- SUSE CVE CVE-2020-19860 page
- SUSE CVE CVE-2020-19861 page
Описание
When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload.
Затронутые продукты
openSUSE Leap 15.3:ldns-1.7.0-4.6.1
openSUSE Leap 15.3:ldns-devel-1.7.0-4.6.1
openSUSE Leap 15.3:libldns2-1.7.0-4.6.1
openSUSE Leap 15.3:perl-DNS-LDNS-1.7.0-4.6.1
Ссылки
- CVE-2020-19860
- SUSE Bug 1195057
Описание
When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow information leakage.
Затронутые продукты
openSUSE Leap 15.3:ldns-1.7.0-4.6.1
openSUSE Leap 15.3:ldns-devel-1.7.0-4.6.1
openSUSE Leap 15.3:libldns2-1.7.0-4.6.1
openSUSE Leap 15.3:perl-DNS-LDNS-1.7.0-4.6.1
Ссылки
- CVE-2020-19861
- SUSE Bug 1195058