openSUSE-SU-2017:0221-1

Опубликовано: 19 янв. 2017

Источник: suse-cvrf

Описание

Security update for pdns-recursor

This update for pdns-recursor fixes the following issue:

CVE-2016-7068: Crafted queries could have caused abnormal CPU usage (bsc#1018326)

Список пакетов

openSUSE Leap 42.1

pdns-recursor-3.7.3-7.1

openSUSE Leap 42.2

pdns-recursor-3.7.3-7.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-01/msg00122.html
E-Mail link for openSUSE-SU-2017:0221-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour.

Затронутые продукты

openSUSE Leap 42.1:pdns-recursor-3.7.3-7.1

openSUSE Leap 42.2:pdns-recursor-3.7.3-7.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-7068.html
CVE-2016-7068
https://bugzilla.suse.com/1018326
SUSE Bug 1018326

openSUSE-SU-2017:0221-1

Описание

Список пакетов

openSUSE Leap 42.1

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2016-7068

Описание

Затронутые продукты

Ссылки