553165 – Two major vulnerabilities been discovered in pdns-recursor

Bug 553165 - Two major vulnerabilities been discovered in pdns-recursor

Summary: Two major vulnerabilities been discovered in pdns-recursor

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	pdns-recursor
Sub Component:
Version:	el5
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Ruben Kerkhof
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:	http://doc.powerdns.com/powerdns-advi...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2010-01-07 10:06 UTC by Gerwin Krist
Modified:	2010-01-07 10:49 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-01-07 10:49:27 UTC
Type:	---
Embargoed:

Attachments	(Terms of Use)

Description Gerwin Krist 2010-01-07 10:06:40 UTC

Description of problem:

Security breach in the powerdns recursor. It can lead to cache poising and system compromise. So ONLY in recuros and not in authoritive nameserver part.

Version-Release number of selected component (if applicable):
<=3.1.7

How reproducible:
Always

Advisory:
http://doc.powerdns.com/powerdns-advisory-2010-01.html
http://doc.powerdns.com/powerdns-advisory-2010-02.html

It's fixed in the 3.1.7.2 version

Comment 1 manuel wolfshant 2010-01-07 10:49:27 UTC

It has been updated by Ruben yesterday.
http://koji.fedoraproject.org/koji/packageinfo?packageID=2745

Note You need to log in before you can comment on or make changes to this bug.