Bug 14116

Summary:	[CVE 21] ldns 1.7.1 CVEs
Product:	[ROSA-based products] ROSA Fresh	Reporter:	Vladimir Potapov <v.potapov>
Component:	Packages from Main	Assignee:	ROSA Linux Bugs <bugs>
Status:	VERIFIED FIXED	QA Contact:	ROSA Linux Bugs <bugs>
Severity:	blocker
Priority:	Highest	CC:	a.proklov, pastordidi
Version:	All	Flags:	v.potapov: qa_verified+ v.potapov: secteam_verified? a.proklov: published+
Target Milestone:	---
Hardware:	All
OS:	Linux
URL:	CVE-2020-19861,CVE-2020-19860
Whiteboard:
Platform:	---	ROSA Vulnerability identifier:
RPM Package:		ISO-related:
Bad POT generating:		Upstream:

Description Vladimir Potapov 2023-12-06 10:37:50 MSK

https://nvd.nist.gov/vuln/detail/CVE-2020-19861 Exploit!
https://nvd.nist.gov/vuln/detail/CVE-2020-19860 Exploit!

Comment 1 Aleksandr Proklov 2023-12-07 06:29:05 MSK

Как опеределили что наша версия уязвима? по ссылкам только:
     cpe:2.3:a:nlnetlabs:ldns:1.7.1:-:*:*:*:*:*:*
    cpe:2.3:a:nlnetlabs:ldns:1.7.1:rc1:*:*:*:*:*:*

обновил версию ldns-1.8.3-1

https://abf.io/build_lists/4858450
https://abf.io/build_lists/4858451 х64
https://abf.io/build_lists/4858452
https://abf.io/build_lists/4858453
https://abf.io/build_lists/4858454

Comment 2 Dmitry Postnikov 2023-12-07 12:30:26 MSK

*****************************
Обновление отослано в Тестинг

Comment 3 Vladimir Potapov 2023-12-14 11:49:59 MSK

ldns-1.8.3-1
https://abf.io/build_lists/4858450
https://abf.io/build_lists/4858451 х64
https://abf.io/build_lists/4858452
https://abf.io/build_lists/4858453
https://abf.io/build_lists/4858454
********************** Advisory *********************
Minor update
*****************************************************
QA Verified