Mailinglist Archive: opensuse-updates (71 mails)

< Previous Next >
openSUSE-SU-2015:1278-1: moderate: Security update for pdns, pdns-recursor
openSUSE Security Update: Security update for pdns, pdns-recursor
______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:1278-1
Rating: moderate
References: #927569
Cross-References: CVE-2015-1868 CVE-2015-5470
Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

pdns, pdns-recursor were updated to fix two security issues.

These security issues were fixed:
- CVE-2015-1868: The label decompression functionality in PowerDNS
Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and
Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before
3.4.4 allowed remote attackers to cause a denial of service (CPU
consumption or crash) via a request with a name that refers to itself
(bsc#927569).
- CVE-2015-5470: Complete fix for CVE-2015-1868 (bsc#927569).


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2015-505=1

- openSUSE 13.1:

zypper in -t patch openSUSE-2015-505=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.2 (i586 x86_64):

pdns-3.3.1-2.3.1
pdns-backend-ldap-3.3.1-2.3.1
pdns-backend-ldap-debuginfo-3.3.1-2.3.1
pdns-backend-lua-3.3.1-2.3.1
pdns-backend-lua-debuginfo-3.3.1-2.3.1
pdns-backend-mydns-3.3.1-2.3.1
pdns-backend-mydns-debuginfo-3.3.1-2.3.1
pdns-backend-mysql-3.3.1-2.3.1
pdns-backend-mysql-debuginfo-3.3.1-2.3.1
pdns-backend-postgresql-3.3.1-2.3.1
pdns-backend-postgresql-debuginfo-3.3.1-2.3.1
pdns-backend-sqlite3-3.3.1-2.3.1
pdns-backend-sqlite3-debuginfo-3.3.1-2.3.1
pdns-debuginfo-3.3.1-2.3.1
pdns-debugsource-3.3.1-2.3.1

- openSUSE 13.1 (i586 x86_64):

pdns-recursor-3.6.2-8.7.1
pdns-recursor-debuginfo-3.6.2-8.7.1
pdns-recursor-debugsource-3.6.2-8.7.1


References:

https://www.suse.com/security/cve/CVE-2015-1868.html
https://www.suse.com/security/cve/CVE-2015-5470.html
https://bugzilla.suse.com/927569


< Previous Next >
This Thread
  • No further messages