Security update for pdns, pdns-recursor SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1278-1 Final 1 1 2015-07-13T11:25:50Z current 2015-07-13T11:25:50Z 2015-07-13T11:25:50Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for pdns, pdns-recursor pdns, pdns-recursor were updated to fix two security issues. These security issues were fixed: - CVE-2015-1868: The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allowed remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself (bsc#927569). - CVE-2015-5470: Complete fix for CVE-2015-1868 (bsc#927569). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-07/msg00049.html E-Mail link for openSUSE-SU-2015:1278-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings pdns-recursor-3.6.2-8.7.1 The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself. CVE-2015-1868 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-07/msg00049.html https://www.suse.com/security/cve/CVE-2015-1868.html CVE-2015-1868 https://bugzilla.suse.com/927569 SUSE Bug 927569 https://bugzilla.suse.com/943078 SUSE Bug 943078 The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868. CVE-2015-5470 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-07/msg00049.html https://www.suse.com/security/cve/CVE-2015-5470.html CVE-2015-5470 https://bugzilla.suse.com/927569 SUSE Bug 927569