CVE-2015-5695

NameCVE-2015-5695
DescriptionDesignate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs796108

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
designate (PTS)buster1:7.0.0-2fixed
bullseye1:11.0.0-2fixed
bookworm1:15.0.0-4fixed
sid, trixie1:18.0.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
designatesourceexperimental1:1.0.0~b2-1
designatesourcejessie2014.1-18+deb8u1
designatesource(unstable)2015.1.0+2015.08.26.git34.9fa07c5798-1796108
Search for package or bug name: Reporting problems