SUSE Package Hub - openSUSE-2022-105

Update Info

openSUSE-2022-105

Security update for pdns-recursor

Type: security

Severity: important

Issued: 2022-04-07

Description:

This update for pdns-recursor fixes the following issues:

- CVE-2022-27227: Fixed incomplete validation of  incoming IXFR
  transfers. It applies to setups retrieving one or more RPZ zones from
  a remote server if the network path to the server  is not
  trusted. (boo#1197525)

References

CVE: CVE-2022-27227
Bugzilla: 1197525 VUL-0: CVE-2022-27227: pdns,pdns-recursor: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor

Packages

pdns-recursor-4.3.5-bp153.2.3.1