A CVE has been assigned for a security issue in ldns today (May 4):
http://openwall.com/lists/oss-security/2014/05/05/4

No fix is available yet.

Mageia 3 and Mageia 4 are also affected.
Whiteboard: (none) => MGA4TOO, MGA3TOO
fixed with ldns-1.6.16-2.1.mga3, ldns-1.6.16-3.1.mga4 & ldns-1.6.17-1.mga5
CC: (none) => oe
Thanks Oden!

Advisory:
========================

Updated ldns packages fix security vulnerability:

ldns-keygen creates a private key with the default permissions according to the user's umask, which in most cases will cause the private key to be world-readable (CVE-2014-3209).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3209
http://openwall.com/lists/oss-security/2014/05/05/4
========================

Updated packages in core/updates_testing:
========================
ldns-utils-1.6.16-2.1.mga3
libldns1-1.6.16-2.1.mga3
libldns-devel-1.6.16-2.1.mga3
python-ldns-1.6.16-2.1.mga3
ldns-utils-1.6.16-3.1.mga4
libldns1-1.6.16-3.1.mga4
libldns-devel-1.6.16-3.1.mga4
python-ldns-1.6.16-3.1.mga4

from SRPMS:
ldns-1.6.16-2.1.mga3.src.rpm
ldns-1.6.16-3.1.mga4.src.rpm

Version: Cauldron => 4
Assignee: luis.daniel.lucio => qa-bugs
Whiteboard: MGA4TOO, MGA3TOO => MGA3TOO
Testing complete mga4 64

Borrowed the line from here http://whyscream.net/wiki/index.php/Dnssec_howto_with_NSD_and_ldns

Before
------
$ cd test
$ ldns-keygen -a RSASHA1_NSEC3 -b 1024 example.net
Kexample.net.+007+59213
$ ll
total 12
-rw-r--r-- 1 claire claire 70 May 8 14:05 Kexample.net.+007+59213.ds
-rw-r--r-- 1 claire claire 242 May 8 14:05 Kexample.net.+007+59213.key
-rw-r--r-- 1 claire claire 943 May 8 14:05 Kexample.net.+007+59213.private

World readable private key..

After
-----
$ ldns-keygen -a RSASHA1_NSEC3 -b 1024 example.net
Kexample.net.+007+03662
$ ll
total 12
-rw-r--r-- 1 claire claire 69 May 8 14:04 Kexample.net.+007+03662.ds
-rw-r--r-- 1 claire claire 241 May 8 14:04 Kexample.net.+007+03662.key
-rw------- 1 claire claire 943 May 8 14:04 Kexample.net.+007+03662.private

Testing with some random commands from urpmf ldns-utils | grep bin

$ ldns-mx mageia.org
mageia.org. 1800 IN MX 10 alamut.mageia.org.
mageia.org. 1800 IN MX 20 krampouezh.mageia.org.

$ drill mageia.org @8.8.8.8
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 26382
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; mageia.org. IN A

;; ANSWER SECTION:
mageia.org. 1799 IN A 217.70.188.116

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 119 msec
;; SERVER: 8.8.8.8
;; WHEN: Thu May 8 14:09:38 2014
;; MSG SIZE rcvd: 44
Whiteboard: MGA3TOO => MGA3TOO has_procedure mga4-64-ok
Testing complete mga3 32 & 64 and mga4 32

Validating. Advisory uploaded.

Could sysadmin please push to 3 & 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure mga4-64-ok => MGA3TOO has_procedure advisory mga-32-ok mga3-64-ok mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0212.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/598317/