openSUSE-SU-2022:0105-1

Опубликовано: 07 апр. 2022

Источник: suse-cvrf

Описание

Security update for pdns-recursor

This update for pdns-recursor fixes the following issues:

CVE-2022-27227: Fixed incomplete validation of incoming IXFR transfers. It applies to setups retrieving one or more RPZ zones from a remote server if the network path to the server is not trusted. (boo#1197525)

Список пакетов

SUSE Package Hub 15 SP3

pdns-recursor-4.3.5-bp153.2.3.1

openSUSE Leap 15.3

pdns-recursor-4.3.5-bp153.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/42XLX5GUN36HINIJX75C5RSFWMGRN4OW/
E-Mail link for openSUSE-SU-2022:0105-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1197525
SUSE Bug 1197525
https://www.suse.com/security/cve/CVE-2022-27227/
SUSE CVE CVE-2022-27227 page

Описание

In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.

Затронутые продукты

SUSE Package Hub 15 SP3:pdns-recursor-4.3.5-bp153.2.3.1

openSUSE Leap 15.3:pdns-recursor-4.3.5-bp153.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-27227.html
CVE-2022-27227
https://bugzilla.suse.com/1197525
SUSE Bug 1197525

openSUSE-SU-2022:0105-1

Описание

Список пакетов

SUSE Package Hub 15 SP3

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2022-27227

Описание

Затронутые продукты

Ссылки