CVE-2015-5695

NameCVE-2015-5695
DescriptionDesignate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs796108

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
designate (PTS)jessie2014.1-18+deb8u1fixed
stretch1:3.0.0-4fixed
buster, sid1:7.0.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
designatesource(unstable)2015.1.0+2015.08.26.git34.9fa07c5798-1medium796108
designatesourceexperimental1:1.0.0~b2-1medium
designatesourcejessie2014.1-18+deb8u1medium

Search for package or bug name: Reporting problems