openSUSE-SU-2024:0114-1

Опубликовано: 29 апр. 2024

Источник: suse-cvrf

Описание

Security update for pdns-recursor

This update for pdns-recursor fixes the following issues:

update to 4.8.8:
- fixes a case when a crafted responses can lead to a denial of service in Recursor if recursive forwarding is configured (boo#1223262, CVE-2024-25583)
changes in 4.8.7:
- If serving stale, wipe CNAME records from cache when we get a NODATA negative response for them
- Fix the zoneToCache regression introduced by last security update

Список пакетов

SUSE Package Hub 15 SP5

pdns-recursor-4.8.8-bp155.2.6.1

openSUSE Leap 15.5

pdns-recursor-4.8.8-bp155.2.6.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZZH2ONXJKWNVDG6IH66D5CLFDU6CHDXI/
E-Mail link for openSUSE-SU-2024:0114-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1223262
SUSE Bug 1223262
https://www.suse.com/security/cve/CVE-2024-25583/
SUSE CVE CVE-2024-25583 page

Описание

A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.

Затронутые продукты

SUSE Package Hub 15 SP5:pdns-recursor-4.8.8-bp155.2.6.1

openSUSE Leap 15.5:pdns-recursor-4.8.8-bp155.2.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-25583.html
CVE-2024-25583
https://bugzilla.suse.com/1223262
SUSE Bug 1223262

openSUSE-SU-2024:0114-1

Описание

Список пакетов

SUSE Package Hub 15 SP5

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2024-25583

Описание

Затронутые продукты

Ссылки