openSUSE-SU-2023:0101-1

Опубликовано: 02 мая 2023

Источник: suse-cvrf

Описание

Security update for pdns-recursor

This update for pdns-recursor fixes the following issues:

pdns-recursor was updated to 4.6.6:

fixes deterred spoofing attempts can lead to authoritative servers being marked unavailable (boo#1209897, CVE-2023-26437)

Fixes in 4.6.5:

When an expired NSEC3 entry is seen, move it to the front of the expiry queue
Log invalid RPZ content when obtained via IXFR
Detect invalid bytes in makeBytesFromHex()
Timeout handling for IXFRs as a client

Fixes in 4.6.4:

Check qperq limit if throttling happened, as it increases counters
Failure to retrieve DNSKEYs of an Insecure zone should not be fatal
Resize answer length to actual received length in udpQueryResponse

Список пакетов

SUSE Package Hub 15 SP4

pdns-recursor-4.6.6-bp154.2.6.1

openSUSE Leap 15.4

pdns-recursor-4.6.6-bp154.2.6.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O77AR5R2DS34JA2Y3VBBU6V4IZWVEM56/
E-Mail link for openSUSE-SU-2023:0101-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1209897
SUSE Bug 1209897
https://www.suse.com/security/cve/CVE-2023-26437/
SUSE CVE CVE-2023-26437 page

Описание

Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3.

Затронутые продукты

SUSE Package Hub 15 SP4:pdns-recursor-4.6.6-bp154.2.6.1

openSUSE Leap 15.4:pdns-recursor-4.6.6-bp154.2.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-26437.html
CVE-2023-26437
https://bugzilla.suse.com/1209897
SUSE Bug 1209897

openSUSE-SU-2023:0101-1

Описание

Список пакетов

SUSE Package Hub 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2023-26437

Описание

Затронутые продукты

Ссылки