Updated pdns & pdns-recursor packages fix CVE-2015-1868
Publication date: 05 May 2015Modification date: 05 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-1868
Description
Updated pdns and pdns-recursor packages fix security vulnerability:
A bug was discovered in the label decompression code in PowerDNS and PowerDNS
Recursor, making it possible for names to refer to themselves, thus causing a
loop during decompression. On some platforms, this bug can be abused to cause
crashes. On all platforms, this bug can be abused to cause service-affecting
CPU spikes (CVE-2015-1868).
The pdns package has been updated to version 3.3.2 and the pdns-recursor
package has been updated to version 3.6.3 to fix this issue and other bugs.
References
- https://bugs.mageia.org/show_bug.cgi?id=15754
- http://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
- http://blog.powerdns.com/2015/05/01/important-update-for-security-advisory-2015-01/
- https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-332
- https://doc.powerdns.com/md/changelog/#powerdns-recursor-363
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1868
SRPMS
4/core
- pdns-3.3.2-1.mga4
- pdns-recursor-3.6.3-1.mga4