SUSE Package Hub - openSUSE-2024-114

Update Info

openSUSE-2024-114

Security update for pdns-recursor

Type: security

Severity: important

Issued: 2024-04-29

Description:

This update for pdns-recursor fixes the following issues:

- update to 4.8.8:
  * fixes a case when a crafted responses can lead to a denial of
    service in Recursor if recursive forwarding is configured
    (boo#1223262, CVE-2024-25583)

- changes in 4.8.7:
  * If serving stale, wipe CNAME records from cache when we get
    a NODATA negative response for them
  * Fix the zoneToCache regression introduced by last security
    update

References

CVE: CVE-2024-25583
Bugzilla: 1223262 VUL-0: CVE-2024-25583: pdns-recursor: crafted responses can lead to a denial of service in Recursor if recursive forwarding is configured

Packages

pdns-recursor-4.8.8-bp155.2.6.1