Bug 930635 (CVE-2024-25583)

Summary:	<net-dns/pdns-recursor-5.0.4: crafted responses can lead to a denial of service
Product:	Gentoo Security	Reporter:	Sven Wegener <swegener>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	CONFIRMED ---
Severity:	normal
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-02.html
Whiteboard:	B3 [glsa?]
Package list:		Runtime testing required:	---

Description Sven Wegener gentoo-dev

2024-04-24 17:39:08 UTC

From $URL:

A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.

CVSS Score: 7.5, only for configurations using recursive forwarding, see https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1

The remedy is to update to a patched version.

Comment 1 Larry the Git Cow gentoo-dev

2024-04-24 17:54:58 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c345d6cba29d96f1e8ca510aca8ea0832d8e0b6d

commit c345d6cba29d96f1e8ca510aca8ea0832d8e0b6d
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2024-04-24 17:52:52 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2024-04-24 17:54:48 +0000

    net-dns/pdns-recursor: add 5.0.4
    
    Bug: https://bugs.gentoo.org/930635
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-dns/pdns-recursor/Manifest                   |   1 +
 net-dns/pdns-recursor/pdns-recursor-5.0.4.ebuild | 132 +++++++++++++++++++++++
 2 files changed, 133 insertions(+)

Comment 2 Larry the Git Cow gentoo-dev

2024-04-28 18:23:56 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9628110498e232dec1584d48afa05e27e8ad3acb

commit 9628110498e232dec1584d48afa05e27e8ad3acb
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2024-04-28 18:23:29 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2024-04-28 18:23:35 +0000

    net-dns/pdns-recursor: stabilize 5.0.4 for amd64, x86
    
    Bug: https://bugs.gentoo.org/930635
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-dns/pdns-recursor/pdns-recursor-5.0.4.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 3 Larry the Git Cow gentoo-dev

2024-05-03 18:26:22 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=607af859d207654834a2a454ff962c39a88f4ff3

commit 607af859d207654834a2a454ff962c39a88f4ff3
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2024-05-03 18:26:11 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2024-05-03 18:26:18 +0000

    net-dns/pdns-recursor: drop 5.0.2, 5.0.3
    
    Bug: https://bugs.gentoo.org/930635
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-dns/pdns-recursor/Manifest                   |   2 -
 net-dns/pdns-recursor/pdns-recursor-5.0.2.ebuild | 132 -----------------------
 net-dns/pdns-recursor/pdns-recursor-5.0.3.ebuild | 132 -----------------------
 3 files changed, 266 deletions(-)