CVE-2014-3209

Priority
Low
Description
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the
privileges of the private key, which might allow local users to obtain the
private key by reading the file.
References
Bugs
Notes
 mdeslaur> ldns-keygen is in the ldnsutils package in universe
Assigned-to
mdeslaur
Package
Source: ldns (LP Ubuntu Debian)
Upstream:released (1.6.17-4)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.6.17-1ubuntu0.1)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1.6.17-8)
Ubuntu 17.04 (Zesty Zapus):not-affected (1.7.0-1ubuntu1)
Ubuntu 17.10 (Artful Aardvark):not-affected (1.7.0-1ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.7.0-3ubuntu1)
Patches:
Upstream:https://git.nlnetlabs.nl/ldns/commit/?h=develop&id=169f38c1e25750f935838b670871056428977e6b
More Information

Updated: 2017-12-15 20:33:33 UTC (commit 13913)