openSUSE Security Update : pdns-recursor (openSUSE-SU-2014:1685-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This pdns-recursor version update fixes the following security issue
and non secuirty issues.

Update to upstream release 3.6.2.

- boo#906583: Degraded service through queries to queries
to specific domains (CVE-2014-8601)

- Fixed broken _localstatedir

Update to upstream release 3.6.1.

- gab14b4f: expedite servfail generation for ezdns-like
failures (fully abort query resolving if we hit more
than 50 outqueries)

- g42025be: PowerDNS now polls the security status of a
release at startup and periodically. More detail on this
feature, and how to turn it off, can be found in Section
2, 'Security polling'.

- g5027429: We did not transmit the right 'local' socket
address to Lua for TCP/IP queries in the recursor. In
addition, we would attempt to lookup a filedescriptor
that wasn't there in an unlocked map which could
conceivably lead to crashes. Closes t1828, thanks
Winfried for reporting

- g752756c: Sync embedded yahttp copy. API: Replace HTTP
Basic auth with static key in custom header

- g6fdd40d: add missing #include <pthread.h> to
rec-channel.hh (this fixes building on OS X).

- sync permissions/ownership of home and config dir with
the pdns package

- added systemd support for 12.3 and newer

Update to upstrean release 3.5.3.

- This is a bugfix and performance update to 3.5.2. It
brings serious performance improvements for dual stack
users. For all the details see
http://doc.powerdns.com/html/changelog.html#changelog-re
cursor-3.5.3

- Remove patch (pdns-recursor-3.3_config.patch)

- Add patch (pdns-recursor-3.5.3_config.patch)

Update to upstrean release 3.5.2.

- Responses without the QR bit set now get matched up to
an outstanding query, so that resolution can be aborted
early instead of waiting for a timeout.

- The depth limiter changes in 3.5.1 broke some legal
domains with lots of indirection.

- Slightly improved logging to aid debugging.

Update to upstream version 3.5.1.

- This is a stability and bugfix update to 3.5. It
contains important fixes that improve operation for
certain domains. This is a stability, security and
bugfix update to 3.3/3.3.1. It contains important fixes
for slightly broken domain names, which your users
expect to work anyhow. For all details see
http://doc.powerdns.com/html/changelog.html#changelog-re
cursor-3.5.1

- adapted patches: pdns-rec-lua52.patch
pdns-recursor-3.5.1_config.patch

- fixed conditional for different lua versions

- started some basic support to build packages for non
suse distros

See also :

http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.5.1
http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.5.3
http://lists.opensuse.org/opensuse-updates/2014-12/msg00084.html
https://bugzilla.opensuse.org/show_bug.cgi?id=906583

Solution :

Update the affected pdns-recursor packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 80211 ()

Bugtraq ID:

CVE ID: CVE-2014-8601

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now