Security update for pdns SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:4175-1 Final 1 1 2018-12-18T12:04:47Z current 2018-12-18T12:04:47Z 2018-12-18T12:04:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for pdns This update for pdns fixes the following issues: Security issues fixed: - CVE-2018-10851: Fixed denial of service via crafted zone record or crafted answer (bsc#1114157). - CVE-2018-14626: Fixed packet cache pollution via crafted query (bsc#1114169). This update was imported from the openSUSE:Leap:15.0:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2018-1571 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5HUOAHEJGZBU2UVFKSCQPX2U267R5ZBE/#5HUOAHEJGZBU2UVFKSCQPX2U267R5ZBE E-Mail link for openSUSE-SU-2018:4175-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1114157 SUSE Bug 1114157 https://bugzilla.suse.com/1114169 SUSE Bug 1114169 https://www.suse.com/security/cve/CVE-2018-10851/ SUSE CVE CVE-2018-10851 page https://www.suse.com/security/cve/CVE-2018-14626/ SUSE CVE CVE-2018-14626 page SUSE Package Hub 15 pdns-4.1.2-bp150.2.3.1 pdns-backend-geoip-4.1.2-bp150.2.3.1 pdns-backend-godbc-4.1.2-bp150.2.3.1 pdns-backend-ldap-4.1.2-bp150.2.3.1 pdns-backend-lua-4.1.2-bp150.2.3.1 pdns-backend-mydns-4.1.2-bp150.2.3.1 pdns-backend-mysql-4.1.2-bp150.2.3.1 pdns-backend-postgresql-4.1.2-bp150.2.3.1 pdns-backend-remote-4.1.2-bp150.2.3.1 pdns-backend-sqlite3-4.1.2-bp150.2.3.1 pdns-4.1.2-bp150.2.3.1 as a component of SUSE Package Hub 15 pdns-backend-geoip-4.1.2-bp150.2.3.1 as a component of SUSE Package Hub 15 pdns-backend-godbc-4.1.2-bp150.2.3.1 as a component of SUSE Package Hub 15 pdns-backend-ldap-4.1.2-bp150.2.3.1 as a component of SUSE Package Hub 15 pdns-backend-lua-4.1.2-bp150.2.3.1 as a component of SUSE Package Hub 15 pdns-backend-mydns-4.1.2-bp150.2.3.1 as a component of SUSE Package Hub 15 pdns-backend-mysql-4.1.2-bp150.2.3.1 as a component of SUSE Package Hub 15 pdns-backend-postgresql-4.1.2-bp150.2.3.1 as a component of SUSE Package Hub 15 pdns-backend-remote-4.1.2-bp150.2.3.1 as a component of SUSE Package Hub 15 pdns-backend-sqlite3-4.1.2-bp150.2.3.1 as a component of SUSE Package Hub 15 PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service. CVE-2018-10851 SUSE Package Hub 15:pdns-4.1.2-bp150.2.3.1 SUSE Package Hub 15:pdns-backend-geoip-4.1.2-bp150.2.3.1 SUSE Package Hub 15:pdns-backend-godbc-4.1.2-bp150.2.3.1 SUSE Package Hub 15:pdns-backend-ldap-4.1.2-bp150.2.3.1 SUSE Package Hub 15:pdns-backend-lua-4.1.2-bp150.2.3.1 SUSE Package Hub 15:pdns-backend-mydns-4.1.2-bp150.2.3.1 SUSE Package Hub 15:pdns-backend-mysql-4.1.2-bp150.2.3.1 SUSE Package Hub 15:pdns-backend-postgresql-4.1.2-bp150.2.3.1 SUSE Package Hub 15:pdns-backend-remote-4.1.2-bp150.2.3.1 SUSE Package Hub 15:pdns-backend-sqlite3-4.1.2-bp150.2.3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5HUOAHEJGZBU2UVFKSCQPX2U267R5ZBE/#5HUOAHEJGZBU2UVFKSCQPX2U267R5ZBE https://www.suse.com/security/cve/CVE-2018-10851.html CVE-2018-10851 https://bugzilla.suse.com/1114157 SUSE Bug 1114157 https://bugzilla.suse.com/1114169 SUSE Bug 1114169 https://bugzilla.suse.com/1114170 SUSE Bug 1114170 PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service. CVE-2018-14626 SUSE Package Hub 15:pdns-4.1.2-bp150.2.3.1 SUSE Package Hub 15:pdns-backend-geoip-4.1.2-bp150.2.3.1 SUSE Package Hub 15:pdns-backend-godbc-4.1.2-bp150.2.3.1 SUSE Package Hub 15:pdns-backend-ldap-4.1.2-bp150.2.3.1 SUSE Package Hub 15:pdns-backend-lua-4.1.2-bp150.2.3.1 SUSE Package Hub 15:pdns-backend-mydns-4.1.2-bp150.2.3.1 SUSE Package Hub 15:pdns-backend-mysql-4.1.2-bp150.2.3.1 SUSE Package Hub 15:pdns-backend-postgresql-4.1.2-bp150.2.3.1 SUSE Package Hub 15:pdns-backend-remote-4.1.2-bp150.2.3.1 SUSE Package Hub 15:pdns-backend-sqlite3-4.1.2-bp150.2.3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5HUOAHEJGZBU2UVFKSCQPX2U267R5ZBE/#5HUOAHEJGZBU2UVFKSCQPX2U267R5ZBE https://www.suse.com/security/cve/CVE-2018-14626.html CVE-2018-14626 https://bugzilla.suse.com/1114157 SUSE Bug 1114157 https://bugzilla.suse.com/1114169 SUSE Bug 1114169 https://bugzilla.suse.com/1114170 SUSE Bug 1114170