Alpine: drill, multiple ldns packages: security update to 1.6.17-r1 (deprecated)

high Tenable Cloud Security Plugin ID 401084

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which
might allow local users to obtain the private key by reading the file. (CVE-2014-3209)

See Also

https://git.alpinelinux.org/aports/commit/?id=39a0663834fda2690f8b749de369700e7d995fdd

https://git.alpinelinux.org/aports/commit/?id=6abfda6f33aa4e1558a40dacf9f9026f25375d21

Plugin Details

Severity: High

ID: 401084

Version: Revision 1.26

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2014-3209

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 5/22/2014

Vulnerability Publication Date: 5/3/2014

Reference Information

CVE: CVE-2014-3209

BID: 67200