| Summary: | <net-dns/pdns-recursor-{3.6.4,3.7.3}: Label decompression bug in PowerDNS can cause crashes on specific platforms (incomplete CVE-2015-1868 fix) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | swegener |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1242517 | ||
| Whiteboard: | B3 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 547706 | ||
3.7.3 and 3.6.4 are the stabilization candidates, please coordinate with bug #547706 which tracks the original security fix. Arches, please test and mark stable: =net-dns/pdns-recursor-3.6.4 Target Keywords : "amd64 x86" Thank you! amd64 stable Ping on x86 stabilization. x86 stable. Maintainer(s), please cleanup. Security, please vote. GLSA Vote: No GLSA Vote: No Maintainer(s), please drop the vulnerable version(s). Maintainer(s), Thank you for cleanup. Thank you all. Closing as [noglsa]. |
From ${URL} : It was found that fix for CVE-2015-1868 was incomplete for PowerDNS: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ Upstream released updated versions that fix this: http://blog.powerdns.com/2015/06/09/authoritative-server-3-4-5-3-3-3-and-recursor-3-7-3-3-6-4-released/ Separate CVE has been assigned to this issue: http://seclists.org/oss-sec/2015/q3/85 @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.