Request 720228 accepted

- Update to 4.1.11:
  * update postgresql schema to address a possible denial of service
    by an authorized user by inserting a crafted record in a MASTER
    type zone under their control. (bsc#1142810, CVE-2019-10203)
    To fix the issue, run the following command against your PostgreSQL
    pdns database:
      ALTER TABLE domains ALTER notified_serial TYPE bigint
        USING CASE WHEN notified_serial >= 0
                   THEN notified_serial::bigint END;
- spec file simplifications and cleanup

  * fixes a denial of service but when authorized user to cause
    the server to exit by inserting a crafted record in a MASTER
    type zone under their control. (bsc#1138582, CVE-2019-10162)
  * fixes a denial of service of slave server when an authorized
    master server sends large number of NOTIFY messages
    (bsc#1138582, CVE-2019-10163)

Michael Ströder

FWIW: It seems to work with LDAP backend on Tumbleweed x86_64.


Adam Majer (author, source maintainer)

Thank you for the testing

Request History
adamm created request


factory-auto added opensuse-review-team as a reviewer

Please review sources


factory-auto accepted review

Check script succeeded


licensedigger accepted review

ok


staging-bot added as a reviewer

Being evaluated by staging project "openSUSE:Factory:Staging:adi:52"


staging-bot accepted review

Picked openSUSE:Factory:Staging:adi:52


dimstar accepted review


staging-bot accepted review

ready to accept


staging-bot approved review

ready to accept


dimstar_suse accepted request

Accept to openSUSE:Factory
