Detections
Analytics

openSUSE Security Update : pdns-recursor (openSUSE-SU-2014:1685-1)

medium Nessus Plugin ID 80211

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This pdns-recursor version update fixes the following security issue and non secuirty issues.

Update to upstream release 3.6.2.

 - boo#906583: Degraded service through queries to queries to specific domains (CVE-2014-8601)

 - Fixed broken _localstatedir

Update to upstream release 3.6.1.

 - gab14b4f: expedite servfail generation for ezdns-like failures (fully abort query resolving if we hit more than 50 outqueries)

 - g42025be: PowerDNS now polls the security status of a release at startup and periodically. More detail on this feature, and how to turn it off, can be found in Section 2, 'Security polling'.

 - g5027429: We did not transmit the right 'local' socket address to Lua for TCP/IP queries in the recursor. In addition, we would attempt to lookup a filedescriptor that wasn't there in an unlocked map which could conceivably lead to crashes. Closes t1828, thanks Winfried for reporting

 - g752756c: Sync embedded yahttp copy. API: Replace HTTP Basic auth with static key in custom header

 - g6fdd40d: add missing #include <pthread.h> to rec-channel.hh (this fixes building on OS X).

 - sync permissions/ownership of home and config dir with the pdns package

 - added systemd support for 12.3 and newer

Update to upstrean release 3.5.3.

 - This is a bugfix and performance update to 3.5.2. It brings serious performance improvements for dual stack users. For all the details see http://doc.powerdns.com/html/changelog.html#changelog-re cursor-3.5.3

 - Remove patch (pdns-recursor-3.3_config.patch)

 - Add patch (pdns-recursor-3.5.3_config.patch)

Update to upstrean release 3.5.2.

 - Responses without the QR bit set now get matched up to an outstanding query, so that resolution can be aborted early instead of waiting for a timeout.

 - The depth limiter changes in 3.5.1 broke some legal domains with lots of indirection.

 - Slightly improved logging to aid debugging.

Update to upstream version 3.5.1.

 - This is a stability and bugfix update to 3.5. It contains important fixes that improve operation for certain domains. This is a stability, security and bugfix update to 3.3/3.3.1. It contains important fixes for slightly broken domain names, which your users expect to work anyhow. For all details see http://doc.powerdns.com/html/changelog.html#changelog-re cursor-3.5.1

 - adapted patches: pdns-rec-lua52.patch pdns-recursor-3.5.1_config.patch

 - fixed conditional for different lua versions

 - started some basic support to build packages for non suse distros

Solution

Update the affected pdns-recursor packages.

See Also

https://doc.powerdns.com/md/changelog/#changelog-recursor-3.5.1

https://doc.powerdns.com/md/changelog/#changelog-recursor-3.5.3

https://bugzilla.opensuse.org/show_bug.cgi?id=906583

https://lists.opensuse.org/opensuse-updates/2014-12/msg00084.html

Plugin Details

Severity: Medium

ID: 80211

File Name: openSUSE-2014-798.nasl

Version: 1.5

Type: local

Agent: unix

Published: 12/23/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:pdns-recursor, p-cpe:/a:novell:opensuse:pdns-recursor-debuginfo, p-cpe:/a:novell:opensuse:pdns-recursor-debugsource, cpe:/o:novell:opensuse:12.3, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 12/10/2014

Reference Information

CVE: CVE-2014-8601