Bug 836006 (CVE-2022-27227)

Summary: <net-dns/{pdns,pdns-recursor}-4.6.1: incomplete zone transfers handled as successful
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: gentoo_bugs_2_peep, swegener
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B4 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 16:38:05 UTC
CVE-2022-27227 (https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html):
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html
https://docs.powerdns.com/recursor/security-advisories/index.html
https://doc.powerdns.com/authoritative/security-advisories/index.html

In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.

Please bump as necessary.
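
The end condition named in the CVE text, shown as an added example (not PowerDNS code, not the upstream fix, and not part of the original report): a check that accepts an IXFR answer only when it is framed as RFC 1995 describes, so a stream that is cut short is never reported as a finished transfer. Records are simplified to `(type, value)` tuples; `classify_ixfr`, `soa` and the sample streams are constructed for this illustration, serial wrap-around is ignored, and single-SOA answers are treated as incomplete.

```python
SOA = "SOA"

def soa(serial):
    return (SOA, serial)

def classify_ixfr(records, client_serial):
    """Return 'full', 'incremental' or 'incomplete' for one IXFR answer stream."""
    # The answer must both start and end with the server's current SOA.
    if len(records) < 2 or records[0][0] != SOA or records[-1] != records[0]:
        return "incomplete"
    target, last = records[0][1], len(records) - 1
    if records[1][0] != SOA:
        # Full-zone fallback: no SOA may appear before the closing one.
        if any(r[0] == SOA for r in records[1:last]):
            return "incomplete"
        return "full"
    # Incremental: SOA(old) deletions SOA(new) additions, chained to target.
    cur, i = client_serial, 1
    while i < last:
        if records[i] != soa(cur):
            return "incomplete"      # serial chain is broken
        i += 1
        while i < last and records[i][0] != SOA:
            i += 1                   # deleted RRs
        if i >= last or records[i][1] == cur:
            return "incomplete"      # no new-version SOA for this sequence
        cur = records[i][1]
        i += 1
        while i < last and records[i][0] != SOA:
            i += 1                   # added RRs
    return "incremental" if cur == target else "incomplete"

# Constructed sample streams (documentation addresses, made-up serials).
A1, A2, NS = ("A", "192.0.2.1"), ("A", "192.0.2.2"), ("NS", "ns.example.")
INCREMENTAL = [soa(3), soa(1), A1, soa(2), A2, soa(2), A2, soa(3), A1, soa(3)]
FULL = [soa(3), NS, A1, A2, soa(3)]

if __name__ == "__main__":
    for name, stream in [("incremental", INCREMENTAL), ("full", FULL),
                         ("full, cut short", FULL[:-1]),
                         ("incremental, cut at a new-version SOA", INCREMENTAL[:8])]:
        print(name, "->", classify_ixfr(stream, client_serial=1))
```

The last sample is the instructive one: it starts and ends with the current SOA, yet the final SOA only opens an addition list, so a check that compares first and last records alone would accept it.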
Comment 1 Larry the Git Cow gentoo-dev 2022-03-26 05:53:41 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e8b2964ef6a33f927d997887de2f2c4d6298e5e7

commit e8b2964ef6a33f927d997887de2f2c4d6298e5e7
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2022-03-26 05:52:18 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2022-03-26 05:53:29 +0000

    net-dns/pdns: Version bump, security bug #836006
    
    Bug: https://bugs.gentoo.org/836006
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-dns/pdns/Manifest          |   1 +
 net-dns/pdns/pdns-4.6.1.ebuild | 167 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 168 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2022-03-26 19:00:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8fe5ce0380094cc7036b8c7271de856636e3132f

commit 8fe5ce0380094cc7036b8c7271de856636e3132f
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2022-03-26 19:00:25 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2022-03-26 19:00:46 +0000

    net-dns/pdns-recursor: Version bump, security bug #836006
    
    Bug: https://bugs.gentoo.org/836006
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-dns/pdns-recursor/Manifest                   |  1 +
 net-dns/pdns-recursor/pdns-recursor-4.6.1.ebuild | 84 ++++++++++++++++++++++++
 2 files changed, 85 insertions(+)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-26 21:53:20 UTC
Thanks, please stabilize when ready!
Comment 4 Larry the Git Cow gentoo-dev 2022-03-29 21:17:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a65af87e0b7de9ccf559a922a150911bd316b76a

commit a65af87e0b7de9ccf559a922a150911bd316b76a
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2022-03-29 20:10:25 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2022-03-29 20:20:29 +0000

    net-dns/pdns-recursor: Stabilize 4.6.1 on amd64/x86, security bug #836006
    
    Bug: https://bugs.gentoo.org/836006
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-dns/pdns-recursor/pdns-recursor-4.6.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34a0632f0a38dc4c7646baf7d64ab919b8c790ed

commit 34a0632f0a38dc4c7646baf7d64ab919b8c790ed
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2022-03-29 20:05:09 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2022-03-29 20:20:28 +0000

    net-dns/pdns: Stabilize 4.6.1 on amd64/x86, security bug #836006
    
    Bug: https://bugs.gentoo.org/836006
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-dns/pdns/pdns-4.6.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-30 02:53:55 UTC
Thanks, please cleanup when ready!
Comment 6 Larry the Git Cow gentoo-dev 2022-03-31 19:01:38 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c6202dd5e4cf1967b48c0a7b66ab519ebfc7bb1

commit 6c6202dd5e4cf1967b48c0a7b66ab519ebfc7bb1
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2022-03-31 18:59:28 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2022-03-31 19:00:12 +0000

    net-dns/pdns-recursor: Cleanup
    
    Bug: https://bugs.gentoo.org/836006
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-dns/pdns-recursor/Manifest                     |  3 -
 net-dns/pdns-recursor/metadata.xml                 |  1 -
 net-dns/pdns-recursor/pdns-recursor-4.4.7.ebuild   | 88 ----------------------
 net-dns/pdns-recursor/pdns-recursor-4.5.7.ebuild   | 82 --------------------
 .../pdns-recursor/pdns-recursor-4.6.0-r1.ebuild    | 84 ---------------------
 5 files changed, 258 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36c47a438b180ce752832f9fe4991a1c81df57bb

commit 36c47a438b180ce752832f9fe4991a1c81df57bb
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2022-03-31 18:58:39 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2022-03-31 19:00:12 +0000

    net-dns/pdns: Cleanup
    
    Bug: https://bugs.gentoo.org/836006
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-dns/pdns/Manifest                          |   5 -
 net-dns/pdns/files/pdns-4.4.1-boost-1.76.patch |  26 ----
 net-dns/pdns/metadata.xml                      |   1 -
 net-dns/pdns/pdns-4.4.1-r2.ebuild              | 172 -------------------------
 net-dns/pdns/pdns-4.4.2-r1.ebuild              | 172 -------------------------
 net-dns/pdns/pdns-4.5.2-r2.ebuild              | 161 -----------------------
 net-dns/pdns/pdns-4.5.2-r3.ebuild              | 167 ------------------------
 net-dns/pdns/pdns-4.5.3-r1.ebuild              | 167 ------------------------
 net-dns/pdns/pdns-4.6.0-r1.ebuild              | 167 ------------------------
 9 files changed, 1038 deletions(-)
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-31 19:55:00 UTC
Thanks! Low impact, no GLSA. All done!