openSUSE-SU-2018:0953-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2018:0953-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2018:0953-1
Related
Published
2018-04-16T15:14:46Z
Modified
2018-04-16T15:14:46Z
Summary
Security update for pdns-recursor
Details

This update for pdns-recursor fixes the following issues:

  • update to 4.1.2

    • New Features
      • #6344: Add FFI version of gettag().
    • Improvements
      • #6298, #6303, #6268, #6290: Add the option to set the AXFR timeout for RPZs.
      • #6172: IXFR: correct behavior of dealing with DNS Name with multiple records and speed up IXFR transaction (Leon Xu).
      • #6379: Add RPZ statistics endpoint to the API.
    • Bug Fixes
      • #6336, #6293, #6237: Retry loading RPZ zones from server when they fail initially.
      • #6300: Fix ECS-based cache entry refresh code.
      • #6320: Fix ECS-specific NS AAAA not being returned from the cache.

  • update to version 4.1.1:

    • Fixes security vulnerability where man-in-the-middle to send a NXDOMAIN answer for a DNSSEC name that does exist. (boo#1077154, CVE-2018-1000003)
    • Don't validate signature for 'glue' CNAME, since anything else than the initial CNAME can’t be considered authoritative.

  • update to version 4.0.7: (boo#1069242)

References

Affected packages

SUSE:Package Hub 12 SP1 / pdns-recursor

Package

Name
pdns-recursor
Purl
purl:rpm/suse/pdns-recursor&distro=SUSE%20Package%20Hub%2012%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.1.2-5.1

Ecosystem specific 

{
    "binaries": [
        {
            "pdns-recursor": "4.1.2-5.1"
        }
    ]
}