openSUSE-SU-2016:2116-1

Опубликовано: 19 авг. 2016

Источник: suse-cvrf

Описание

Security update for pdns

This update for pdns fixes the following issues:

CVE-2016-6172: malicious primary DNS servers can crash secondaries through large transfers (boo#987872)

As mitigation, the xfr-max-received-mbytes config option was added, defaulting to to 100 (MB).

Список пакетов

openSUSE Leap 42.1

pdns-3.4.6-3.1

pdns-backend-ldap-3.4.6-3.1

pdns-backend-lua-3.4.6-3.1

pdns-backend-mydns-3.4.6-3.1

pdns-backend-mysql-3.4.6-3.1

pdns-backend-postgresql-3.4.6-3.1

pdns-backend-sqlite3-3.4.6-3.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-08/msg00085.html
E-Mail link for openSUSE-SU-2016:2116-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.

Затронутые продукты

openSUSE Leap 42.1:pdns-3.4.6-3.1

openSUSE Leap 42.1:pdns-backend-ldap-3.4.6-3.1

openSUSE Leap 42.1:pdns-backend-lua-3.4.6-3.1

openSUSE Leap 42.1:pdns-backend-mydns-3.4.6-3.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-6172.html
CVE-2016-6172
https://bugzilla.suse.com/987872
SUSE Bug 987872

openSUSE-SU-2016:2116-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2016-6172

Описание

Затронутые продукты

Ссылки