openSUSE Security Update : pdns-recursor (openSUSE-SU-2014:1685-1)

Medium Nessus Plugin ID 80211


The remote openSUSE host is missing a security update.


This pdns-recursor version update fixes the following security issue and non secuirty issues.

Update to upstream release 3.6.2.

- boo#906583: Degraded service through queries to queries to specific domains (CVE-2014-8601)

- Fixed broken _localstatedir

Update to upstream release 3.6.1.

- gab14b4f: expedite servfail generation for ezdns-like failures (fully abort query resolving if we hit more than 50 outqueries)

- g42025be: PowerDNS now polls the security status of a release at startup and periodically. More detail on this feature, and how to turn it off, can be found in Section 2, 'Security polling'.

- g5027429: We did not transmit the right 'local' socket address to Lua for TCP/IP queries in the recursor. In addition, we would attempt to lookup a filedescriptor that wasn't there in an unlocked map which could conceivably lead to crashes. Closes t1828, thanks Winfried for reporting

- g752756c: Sync embedded yahttp copy. API: Replace HTTP Basic auth with static key in custom header

- g6fdd40d: add missing #include <pthread.h> to rec-channel.hh (this fixes building on OS X).

- sync permissions/ownership of home and config dir with the pdns package

- added systemd support for 12.3 and newer

Update to upstrean release 3.5.3.

- This is a bugfix and performance update to 3.5.2. It brings serious performance improvements for dual stack users. For all the details see cursor-3.5.3

- Remove patch (pdns-recursor-3.3_config.patch)

- Add patch (pdns-recursor-3.5.3_config.patch)

Update to upstrean release 3.5.2.

- Responses without the QR bit set now get matched up to an outstanding query, so that resolution can be aborted early instead of waiting for a timeout.

- The depth limiter changes in 3.5.1 broke some legal domains with lots of indirection.

- Slightly improved logging to aid debugging.

Update to upstream version 3.5.1.

- This is a stability and bugfix update to 3.5. It contains important fixes that improve operation for certain domains. This is a stability, security and bugfix update to 3.3/3.3.1. It contains important fixes for slightly broken domain names, which your users expect to work anyhow. For all details see cursor-3.5.1

- adapted patches: pdns-rec-lua52.patch pdns-recursor-3.5.1_config.patch

- fixed conditional for different lua versions

- started some basic support to build packages for non suse distros


Update the affected pdns-recursor packages.

See Also

Plugin Details

Severity: Medium

ID: 80211

File Name: openSUSE-2014-798.nasl

Version: $Revision: 1.1 $

Type: local

Agent: unix

Published: 2014/12/23

Modified: 2014/12/23

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:pdns-recursor, p-cpe:/a:novell:opensuse:pdns-recursor-debuginfo, p-cpe:/a:novell:opensuse:pdns-recursor-debugsource, cpe:/o:novell:opensuse:12.3, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2014/12/10

Reference Information

CVE: CVE-2014-8601