MGASA-2015-0189
- Source
- https://advisories.mageia.org/MGASA-2015-0189.html
- Import Source
- https://advisories.mageia.org/MGASA-2015-0189.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2015-0189
- Related
- Published
- 2015-05-05T13:36:50Z
- Modified
- 2015-05-05T13:26:20Z
- Summary
- Updated pdns & pdns-recursor packages fix CVE-2015-1868
- Details
-
Updated pdns and pdns-recursor packages fix security vulnerability:
A bug was discovered in the label decompression code in PowerDNS and PowerDNS Recursor, making it possible for names to refer to themselves, thus causing a loop during decompression. On some platforms, this bug can be abused to cause crashes. On all platforms, this bug can be abused to cause service-affecting CPU spikes (CVE-2015-1868).
The pdns package has been updated to version 3.3.2 and the pdns-recursor package has been updated to version 3.6.3 to fix this issue and other bugs.
- References
-
- https://advisories.mageia.org/MGASA-2015-0189.html
- https://bugs.mageia.org/show_bug.cgi?id=15754
- http://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
- http://blog.powerdns.com/2015/05/01/important-update-for-security-advisory-2015-01/
- https://doc.powerdns.com/md/changelog/#powerdns-authoritative-server-332
- https://doc.powerdns.com/md/changelog/#powerdns-recursor-363
- Credits
-
-
- Mageia - COORDINATOR
-