Updated pdns package fixes security vulnerability
Publication date: 03 Aug 2015Modification date: 03 Aug 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-1868 , CVE-2015-5470
Description
In MGASA-2015-0189, the pdns and pdns-recursor packages were updated to fix a denial of service issue (CVE-2015-1868). The fix was incomplete. The packages have been updated again to versions 3.3.3 and 3.6.4, respectively, to completely fix this issue.
References
- https://bugs.mageia.org/show_bug.cgi?id=16320
- http://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
- http://blog.powerdns.com/2015/06/09/authoritative-server-3-4-5-3-3-3-and-recursor-3-7-3-3-6-4-released/
- http://advisories.mageia.org/MGASA-2015-0189.html
- http://openwall.com/lists/oss-security/2015/07/10/8
- http://lists.opensuse.org/opensuse-updates/2015-07/msg00049.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1868
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470
SRPMS
4/core
- pdns-3.3.3-1.mga4
- pdns-recursor-3.6.4-1.mga4
5/core
- pdns-3.3.3-1.mga5
- pdns-recursor-3.6.4-1.mga5