Bug 1510985 (CVE-2017-1000231)

Summary:	CVE-2017-1000231 ldns: Memory corruption in ldns_rr_new_frm_fp_l
Product:	[Other] Security Response	Reporter:	Adam Mariš <amaris>
Component:	vulnerability	Assignee:	Red Hat Product Security <security-response-team>
Status:	CLOSED WONTFIX	QA Contact:
Severity:	medium	Docs Contact:
Priority:	medium
Version:	unspecified	CC:	mmezynsk, pemensik, pwouters, scorneli, thozza
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	ldns 1.7.1	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2017-11-14 10:44:12 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	1511046
Bug Blocks:	1510999

Description Adam Mariš 2017-11-08 13:47:20 UTC

A memory corruption via double free was found in ldns_rr_new_frm_fp_l() function.

Upstream bug:

https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256

Upstream patch:

https://git.nlnetlabs.nl/ldns/commit/?id=c8391790

Comment 1 Adam Mariš 2017-11-08 15:33:12 UTC

Created ldns tracking bugs for this issue:

Affects: fedora-all [bug 1511046]

Comment 5 Stefan Cornelius 2017-11-14 10:44:22 UTC

Statement:

Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.