Bug 16664

Summary: maradns new DoS security issue
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Remco Rijnders <remco>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: 4   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/655998/
Whiteboard:
Source RPM: maradns-1.4.16-1.1.mga4.src.rpm CVE:
Status comment:

Description David Walser 2015-08-28 19:33:17 CEST
Upstream has issued an advisory on August 19:
http://samiam.org/blog/2015-08-19.html

The issue does affect MaraDNS 1, but it's unsupported upstream, so a fix for that won't be released.

Fedora has issued an advisory for this on August 27:
https://lists.fedoraproject.org/pipermail/package-announce/2015-August/165109.html

Reproducible: 

Steps to Reproduce:
Remco Rijnders 2015-09-02 08:20:12 CEST

Status: NEW => ASSIGNED

Comment 1 David Walser 2015-09-04 15:39:01 CEST
Note that the Mageia 4 EOL is in about two weeks, so if we're going to fix this, we need to get it built and to QA soon.
Comment 2 David Walser 2015-09-15 00:19:09 CEST
It's too late to fix this for Mageia 4 now.

Status: ASSIGNED => RESOLVED
Resolution: (none) => OLD