openSUSE Security Update : pdns / pdns-recursor (openSUSE-2015-505)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

pdns, pdns-recursor were updated to fix two security issues.

These security issues were fixed :

- CVE-2015-1868: The label decompression functionality in
PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x
before 3.7.2 and Authoritative (Auth) Server 3.2.x,
3.3.x before 3.3.2, and 3.4.x before 3.4.4 allowed
remote attackers to cause a denial of service (CPU
consumption or crash) via a request with a name that
refers to itself (bsc#927569).

- CVE-2015-5470: Complete fix for CVE-2015-1868
(bsc#927569).

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=927569

Solution :

Update the affected pdns / pdns-recursor packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 84996 ()

Bugtraq ID:

CVE ID: CVE-2015-1868
CVE-2015-5470

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now