Overview

File _patchinfo of Package patchinfo.18295

<patchinfo incident="18295">
  <issue tracker="bnc" id="1219823">VUL-0: CVE-2023-50387 : unbound, pdns, bind: Denial Of Service while trying to validate specially crafted DNSSEC responses</issue>
  <issue tracker="bnc" id="1209897">VUL-0: CVE-2023-26437: pdns-recursor: Deterred spoofing attempts can lead to authoritative servers being marked unavailable</issue>
  <issue tracker="bnc" id="1219826">VUL-0: CVE-2023-50868: unbound, bind, pdns: Denial Of Service while trying to validate specially crafted DNSSEC responses</issue>
  <issue tracker="cve" id="2023-50387"/>
  <issue tracker="cve" id="2023-50868"/>
  <issue tracker="cve" id="2023-26437"/>
  <packager>adamm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for pdns-recursor</summary>
  <description>This update for pdns-recursor fixes the following issues:

Update to 4.8.6:

* fixes case when crafted DNSSEC records in a zone can lead to
  a denial of service in Recursor
  https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
 (boo#1219823, boo#1219826, CVE-2023-50387, CVE-2023-50868)


Changes in 4.8.5:

* (I)XFR: handle partial read of len prefix.
* YaHTTP: Prevent integer overflow on very large chunks.
* Fix setting of policy tags for packet cache hits.

Changes in 4.8.4:

* Deterred spoofing attempts can lead to authoritative servers
  being marked unavailable (boo#1209897, CVE-2023-26437)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places