Bug 1242517 (CVE-2015-5470)

Summary: CVE-2015-5470 pdns: Label decompression bug in PowerDNS can cause crashes on specific platforms (incomplete CVE-2015-1868 fix)
Product: [Other] Security Response Reporter: Vasyl Kaigorodov <vkaigoro>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: jrusnack, ms, ruben
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: PowerDNS Recursor 3.6.4, PowerDNS Recursor 3.7.3, PowerDNS Authoritative Server 3.4.5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-22 06:48:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1242518, 1242519, 1242520, 1242521    
Bug Blocks:    

Description Vasyl Kaigorodov 2015-07-13 13:26:10 UTC 
It was found that fix for CVE-2015-1868 was incomplete for PowerDNS:
https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/

Upstream released updated versions that fix this:
http://blog.powerdns.com/2015/06/09/authoritative-server-3-4-5-3-3-3-and-recursor-3-7-3-3-6-4-released/

Separate CVE has been assigned to this issue:
http://seclists.org/oss-sec/2015/q3/85
Comment 1 Vasyl Kaigorodov 2015-07-13 13:27:25 UTC 
Created pdns tracking bugs for this issue:

Affects: fedora-all [bug 1242518]
Affects: epel-all [bug 1242520]
Comment 2 Vasyl Kaigorodov 2015-07-13 13:27:27 UTC 
Created pdns-recursor tracking bugs for this issue:

Affects: fedora-all [bug 1242519]
Affects: epel-all [bug 1242521]
Comment 3 Morten Stevens 2015-07-13 13:59:45 UTC 
We have already the latest updates for Fedora and Fedora-EPEL.

PowerDNS recursor updates:

https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6645/pdns-recursor-3.7.3-1.el7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6647/pdns-recursor-3.7.3-1.el6
https://admin.fedoraproject.org/updates/FEDORA-2015-9785/pdns-recursor-3.7.3-1.fc22
https://admin.fedoraproject.org/updates/FEDORA-2015-9786/pdns-recursor-3.7.3-1.fc21

PowerDNS authoritative server updates:

https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6640/pdns-3.4.5-1.el7
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6642/pdns-3.3.3-1.el6
https://admin.fedoraproject.org/updates/FEDORA-2015-9788/pdns-3.4.5-1.fc21
https://admin.fedoraproject.org/updates/FEDORA-2015-9796/pdns-3.4.5-1.fc22