openSUSE-SU-2022:10171-1

Опубликовано: 30 окт. 2022

Источник: suse-cvrf

Описание

Security update for pdns-recursor

This update for pdns-recursor fixes the following issues:

pdns-recursor was updated to 4.6.3:

fixes incomplete exception handling related to protobuf message generation (boo#1202664, CVE-2022-37428)

pdns-recursor was updated to 4.6.2:

Reject non-apex NSEC(3)s that have both the NS and SOA bits set
A CNAME answer on DS query should abort DS retrieval
Allow disabling of processing the root hints
If we get NODATA on an AAAA in followCNAMERecords, try native dns64

Список пакетов

SUSE Package Hub 15 SP4

pdns-recursor-4.6.3-bp154.2.3.1

openSUSE Leap 15.4

pdns-recursor-4.6.3-bp154.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QTTGUFMAXOAIF5ITDWH77TARHQP4EO3F/
E-Mail link for openSUSE-SU-2022:10171-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1202664
SUSE Bug 1202664
https://www.suse.com/security/cve/CVE-2022-37428/
SUSE CVE CVE-2022-37428 page

Описание

PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.

Затронутые продукты

SUSE Package Hub 15 SP4:pdns-recursor-4.6.3-bp154.2.3.1

openSUSE Leap 15.4:pdns-recursor-4.6.3-bp154.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-37428.html
CVE-2022-37428
https://bugzilla.suse.com/1202664
SUSE Bug 1202664

openSUSE-SU-2022:10171-1

Описание

Список пакетов

SUSE Package Hub 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2022-37428

Описание

Затронутые продукты

Ссылки