Source: ldnsutils Severity: important Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
The ldns-keygen tool creates a keypair, one of which should be kept private. The tool apparently use default access rights for all files, leading to the private key being created world readable. - Jonas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQF8BAEBCgBmBQJTZMh7XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ3NjQ4ODQwMTIyRTJDNTBFQzUxRDQwRTI0 RUMxQjcyMjM3NEY5QkQ2AAoJEE7BtyI3T5vW+QgIAJdT1+2r/0fOHcL1DXn/JkF+ EccUvBXSNjhnxmWJdmYGwosKzZt6aL4S1vxZPaBvhnINTAy0uDmjt3Ct75nft9GC 1hwYJl3IZRbmmHFadK5a1xKizD/NTz/ndB+fIbR+QjvYdmsUItWKL9226alzrheA bCDI3RnFFeDFjjGVrxkCXEG59G5ZlWZrD95KhXVcxhM5B6qMZbgM/qU2Pis2eH18 3cz40jPTDAsw238Bvom86d9jX9n/NUJ2xS1GBAxdSt083VuwTivr0cVkE/lbvuA7 FLJiq/gfJXGOE42xXvtmTvsHAsZY8olF4vUSzmfkDODW78bpvzbRIgavxLRGUO8= =PU+Q -----END PGP SIGNATURE----- _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
