SUSE Package Hub - openSUSE-2019-1921

Update Info

openSUSE-2019-1921

Security update for pdns

Type: security

Severity: important

Issued: 2019-08-15

Description:

This update for pdns fixes the following issues:

Security issues fixed:

- CVE-2019-10203: Updated PostgreSQL schema to address a possible denial of service by an authorized user by inserting a crafted record in a MASTER type zone under their control. (boo#1142810)
- CVE-2019-10162: Fixed a denial of service but when authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. (boo#1138582)
- CVE-2019-10163: Fixed a denial of service of slave server when an authorized master server sends large number of NOTIFY messages. (boo#1138582)
	  
Non-security issues fixed:

- Enabled the option to disable superslave support.
- Fixed `pdnsutil b2b-migrate` to not lose NSEC3 settings.

This update was imported from the openSUSE:Leap:15.1:Update update project.

References

CVE: CVE-2019-10203
CVE: CVE-2019-10163
CVE: CVE-2019-10162
Bugzilla: 1142810 VUL-1: CVE-2019-10203: pdns: PowerDNS Security Advisory 2019-06: Denial of service via crafted zone records
Bugzilla: 1138582 VUL-0: CVE-2019-10162,CVE-2019-10163: pdns: multiple issues

Packages

pdns-4.1.8-bp151.3.3.1