oss-sec mailing list archives
adns (dns resolver library) multiple vulns
From: Ian Jackson <ijackson () chiark greenend org uk>
Date: Thu, 11 Jun 2020 19:35:57 +0100
Hi. I'm the upstream maintainer for adns.

There were outstanding security problems which I have sat on for far too long, but I have now finally dealt with them properly. My apologies.

The fixes have been incorporated in adns 1.5.2 and 1.6.0. See the release announcement here:
https://www.chiark.greenend.org.uk/pipermail/adns-announce/2020/000004.html

If you prefer to apply specific patches, the relevant commits are in my git repository:
https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git/adns.git/
https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/githttp/adns.git
in this commit range
2f6e879e0fca1715d5c5946bcedb4f821ce64d77..bb4e05849170034447d60a6f7cb71d5f255b0ecc
(which you will find is covered by the signed tag adns-1.5.2).

The most serious problems are remote code execution, within the adns-using application, exploitable by the local recursive resolver.

Thanks for your attention.

Ian.

--
Ian Jackson <ijackson () chiark greenend org uk> These opinions are my own. Pronouns: they/he.
If I emailed you from @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.