SUSE Package Hub - openSUSE-2018-1570

Update Info

openSUSE-2018-1570

Security update for pdns-recursor

Type: security

Severity: moderate

Issued: 2018-12-18

Description:

This update for pdns-recursor fixes the following issues:

Security issues fixed:

- CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157).
- CVE-2018-14644: Fixed denial of service via crafted query for meta-types (bsc#1114170).
- CVE-2018-14626: Fixed packet cache pollution via crafted query (bsc#1114169).
- CVE-2018-16855: Fixed case where a crafted query could cause a denial of service (bsc#1116592)

This update was imported from the openSUSE:Leap:15.0:Update update project.

References

CVE: CVE-2018-16855
CVE: CVE-2018-14644
CVE: CVE-2018-14626
CVE: CVE-2018-10851
Bugzilla: 1116592 VUL-1: CVE-2018-16855: pdns-recursor: out-of-bounds memory read via a crafted query
Bugzilla: 1114170 VUL-0: CVE-2018-14644: pdns-recursor: crafted query for meta-types can cause a denial of service
Bugzilla: 1114169 VUL-0: CVE-2018-14626: pdns,pdns-recursor: packet cache pollution via crafted query
Bugzilla: 1114157 VUL-0: CVE-2018-10851: pdns,pdns-recursor: crafted zone record or crafted answer can cause a denial of service

Packages

pdns-recursor-4.1.2-bp150.2.3.1