openSUSE-SU-2015:1278-1: moderate: Security update for pdns, pdns-recursor

22 Jul 2015

      openSUSE Security Update: Security update for pdns, pdns-recursor
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2015:1278-1
Rating:             moderate
References:         #927569 
Cross-References:   CVE-2015-1868 CVE-2015-5470
Affected Products:
                    openSUSE 13.2
                    openSUSE 13.1
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   pdns, pdns-recursor were updated to fix two security issues.

   These security issues were fixed:
   - CVE-2015-1868: The label decompression functionality in PowerDNS
     Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and
     Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before
     3.4.4 allowed remote attackers to cause a denial of service (CPU
     consumption or crash) via a request with a name that refers to itself
     (bsc#927569).
   - CVE-2015-5470: Complete fix for CVE-2015-1868 (bsc#927569).

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2015-505=1

   - openSUSE 13.1:

      zypper in -t patch openSUSE-2015-505=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 13.2 (i586 x86_64):

      pdns-3.3.1-2.3.1
      pdns-backend-ldap-3.3.1-2.3.1
      pdns-backend-ldap-debuginfo-3.3.1-2.3.1
      pdns-backend-lua-3.3.1-2.3.1
      pdns-backend-lua-debuginfo-3.3.1-2.3.1
      pdns-backend-mydns-3.3.1-2.3.1
      pdns-backend-mydns-debuginfo-3.3.1-2.3.1
      pdns-backend-mysql-3.3.1-2.3.1
      pdns-backend-mysql-debuginfo-3.3.1-2.3.1
      pdns-backend-postgresql-3.3.1-2.3.1
      pdns-backend-postgresql-debuginfo-3.3.1-2.3.1
      pdns-backend-sqlite3-3.3.1-2.3.1
      pdns-backend-sqlite3-debuginfo-3.3.1-2.3.1
      pdns-debuginfo-3.3.1-2.3.1
      pdns-debugsource-3.3.1-2.3.1

   - openSUSE 13.1 (i586 x86_64):

      pdns-recursor-3.6.2-8.7.1
      pdns-recursor-debuginfo-3.6.2-8.7.1
      pdns-recursor-debugsource-3.6.2-8.7.1

References:

   https://www.suse.com/security/cve/CVE-2015-1868.html
   https://www.suse.com/security/cve/CVE-2015-5470.html
   https://bugzilla.suse.com/927569

openSUSE-SU-2015:1278-1: moderate: Security update for pdns, pdns-recursor

opensuse-security＠opensuse.org