Mailinglist Archive: opensuse-updates (82 mails)

< Previous Next >
openSUSE-SU-2018:0953-1: moderate: Security update for pdns-recursor
openSUSE Security Update: Security update for pdns-recursor

Announcement ID: openSUSE-SU-2018:0953-1
Rating: moderate
References: #1069242 #1077154
Cross-References: CVE-2018-1000003
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12

An update that solves one vulnerability and has one errata
is now available.


This update for pdns-recursor fixes the following issues:

- update to 4.1.2
- New Features
- #6344: Add FFI version of gettag().
- Improvements
- #6298, #6303, #6268, #6290: Add the option to set the AXFR timeout
for RPZs.
- #6172: IXFR: correct behavior of dealing with DNS Name with multiple
records and speed up IXFR transaction (Leon Xu).
- #6379: Add RPZ statistics endpoint to the API.
- Bug Fixes
- #6336, #6293, #6237: Retry loading RPZ zones from server when they
fail initially.
- #6300: Fix ECS-based cache entry refresh code.
- #6320: Fix ECS-specific NS AAAA not being returned from the cache.

- update to version 4.1.1:
+ Fixes security vulnerability where man-in-the-middle to send a
NXDOMAIN answer for a DNSSEC name that does exist. (boo#1077154,
+ Don't validate signature for "glue" CNAME, since anything else than
the initial CNAME can’t be considered authoritative.

- update to version 4.0.7: (boo#1069242)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2018-364=1

Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x



< Previous Next >
This Thread
  • No further messages