SUSE Package Hub - openSUSE-2024-48

Update Info

openSUSE-2024-48

Security update for pdns-recursor

Type: security

Severity: important

Issued: 2024-02-14

Description:

This update for pdns-recursor fixes the following issues:

Update to 4.8.6:

* fixes case when crafted DNSSEC records in a zone can lead to
  a denial of service in Recursor
  https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
 (boo#1219823, boo#1219826, CVE-2023-50387, CVE-2023-50868)


Changes in 4.8.5:

* (I)XFR: handle partial read of len prefix.
* YaHTTP: Prevent integer overflow on very large chunks.
* Fix setting of policy tags for packet cache hits.

Changes in 4.8.4:

* Deterred spoofing attempts can lead to authoritative servers
  being marked unavailable (boo#1209897, CVE-2023-26437)

References

CVE: CVE-2023-50868
CVE: CVE-2023-50387
CVE: CVE-2023-26437
Bugzilla: 1219826 VUL-0: CVE-2023-50868: unbound, bind, pdns: Denial Of Service while trying to validate specially crafted DNSSEC responses
Bugzilla: 1219823 VUL-0: CVE-2023-50387 : unbound, pdns, bind: Denial Of Service while trying to validate specially crafted DNSSEC responses
Bugzilla: 1209897 VUL-0: CVE-2023-26437: pdns-recursor: Deterred spoofing attempts can lead to authoritative servers being marked unavailable

Packages

pdns-recursor-4.8.6-bp155.2.3.1