File _patchinfo of Package patchinfo.7992

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.7992

<patchinfo incident="7992">
  <issue id="1077154" tracker="bnc">VUL-0: CVE-2018-1000003: pdns-recursor: input validation bugs in DNSSEC validators components</issue>
  <issue id="1069242" tracker="bnc">VUL-0:  CVE-2017-15090, CVE-2017-15091, CVE-2017-15092, CVE-2017-15093, CVE-2017-15094: pdns: Multiple security issues</issue>
  <issue id="2018-1000003" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>adamm</packager>
  <description>This update for pdns-recursor fixes the following issues:

- update to 4.1.2
  - New Features
    - #6344: Add FFI version of gettag().
  - Improvements
    - #6298, #6303, #6268, #6290: Add the option to set the AXFR
      timeout for RPZs.
    - #6172: IXFR: correct behavior of dealing with DNS Name with
      multiple records and speed up IXFR transaction (Leon Xu).
    - #6379: Add RPZ statistics endpoint to the API.
  - Bug Fixes
    - #6336, #6293, #6237: Retry loading RPZ zones from server when
      they fail initially.
    - #6300: Fix ECS-based cache entry refresh code.
    - #6320: Fix ECS-specific NS AAAA not being returned from the
      cache.

- update to version 4.1.1:
  + Fixes security vulnerability where man-in-the-middle to send
    a NXDOMAIN answer for a DNSSEC name that does exist.
    (boo#1077154, CVE-2018-1000003)
  + Don't validate signature for "glue" CNAME, since anything else
    than the initial CNAME can&#8217;t be considered authoritative.

- update to version 4.0.7: (boo#1069242)</description>
  <summary>Security update for pdns-recursor</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.7992

Places