Bug 552285 (CVE-2009-4009, CVE-2009-4010)
Summary: | CVE-2009-4009 CVE-2009-4010 PowerDNS Recursor: code execution and domain spoofing flaws | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | bert hubert <bert.hubert> |
Component: | pdns-recursor | Assignee: | Ruben Kerkhof <ruben> |
Status: | CLOSED ERRATA | QA Contact: | Ruben Kerkhof <ruben> |
Severity: | urgent | Docs Contact: | |
Priority: | low | ||
Version: | 12 | CC: | bressers, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 3.1.7.2-1.el5 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-01-07 21:43:18 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
bert hubert
2010-01-04 15:11:24 UTC
Bert, is -4009 for the first issue (DoS / code execution) and -4010 for the second (domain data spoofing)? (In reply to comment #1) Tomas, is there a way to update the package before wednesday without the details showing up in public cvs? This is correct. These issues are extremely urgent - how can I get the patch/new tarball to you? I've just received the tarball from Bert via private mail. (In reply to comment #2) > Tomas, is there a way to update the package before wednesday without the > details showing up in public cvs? No. Fedora CVS / build system is public, so once new version is committed / built, it will be available to anyone. Bert, can this bug be made public now? I don't see any announcement in announce list archives, but upstream pages already offer updated binaries (but not sources). Yes, you can go live Sources are available now too. Thanks, making bug public. pdns-recursor-3.1.7.2-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. pdns-recursor-3.1.7.2-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. Upstream advisories: http://doc.powerdns.com/powerdns-advisory-2010-01.html http://doc.powerdns.com/powerdns-advisory-2010-02.html pdns-recursor-3.1.7.2-1.el4.1 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report. pdns-recursor-3.1.7.2-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. |