Overview

File _patchinfo of Package patchinfo.10740

<patchinfo incident="10740">
  <issue tracker="bnc" id="1138582">VUL-0: CVE-2019-10162,CVE-2019-10163: pdns: multiple issues</issue>
  <issue tracker="bnc" id="1142810">VUL-1: CVE-2019-10203: pdns: PowerDNS Security Advisory 2019-06: Denial of service via crafted zone records</issue>
  <issue tracker="cve" id="2019-10203"/>
  <issue tracker="cve" id="2019-10163"/>
  <issue tracker="cve" id="2019-10162"/>
  <packager>adamm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for pdns</summary>
  <description>This update for pdns fixes the following issues:

Security issues fixed:

- CVE-2019-10203: Updated PostgreSQL schema to address a possible denial of service by an authorized user by inserting a crafted record in a MASTER type zone under their control. (boo#1142810)
- CVE-2019-10162: Fixed a denial of service but when authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. (boo#1138582)
- CVE-2019-10163: Fixed a denial of service of slave server when an authorized master server sends large number of NOTIFY messages. (boo#1138582)
	  
Non-security issues fixed:

- Enabled the option to disable superslave support.
- Fixed `pdnsutil b2b-migrate` to not lose NSEC3 settings.
</description>
<message>To fix the security issue in existing installations, run the following command against your PostgreSQL pdns database: ALTER TABLE domains ALTER notified_serial TYPE bigint USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;</message>
</patchinfo>
openSUSE Build Service is sponsored by
Places