openSUSE Security Update: Security update for pdns-recursor
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1687-1
Rating: important
References: #1173302 #1177383
Cross-References: CVE-2020-14196 CVE-2020-25829
Affected Products:
openSUSE Leap 15.2
openSUSE Leap 15.1
openSUSE Backports SLE-15-SP2
openSUSE Backports SLE-15-SP1
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for pdns-recursor fixes the following issues:

-pdns-recursorwas updated to 4.1.1 and 4.3.5:
– CVE-2020-25829: Fixed a cache pollution related to DNSSEC validation
(boo#1177383)
– CVE-2020-14196: Fixed an access restriction bypass with API key and
password authentication (boo#1173302).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1687=1

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-1687=1

– openSUSE Backports SLE-15-SP2:

zypper in -t patch openSUSE-2020-1687=1

– openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-1687=1

Package List:

– openSUSE Leap 15.2 (x86_64):

pdns-recursor-4.3.5-lp152.2.6.1
pdns-recursor-debuginfo-4.3.5-lp152.2.6.1
pdns-recursor-debugsource-4.3.5-lp152.2.6.1

– openSUSE Leap 15.1 (x86_64):

pdns-recursor-4.1.12-lp151.3.9.1
pdns-recursor-debuginfo-4.1.12-lp151.3.9.1
pdns-recursor-debugsource-4.1.12-lp151.3.9.1

– openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):

pdns-recursor-4.3.5-bp152.2.12.1
pdns-recursor-debuginfo-4.3.5-bp152.2.12.1
pdns-recursor-debugsource-4.3.5-bp152.2.12.1

– openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

pdns-recursor-4.1.12-bp151.4.9.1
pdns-recursor-debuginfo-4.1.12-bp151.4.9.1
pdns-recursor-debugsource-4.1.12-bp151.4.9.1

References:

https://protect2.fireeye.com/v1/url?k=2ce64ae7-70f4fee3-2ce1d72b-000babd90757-cc62aa7f1fcb1076&q=1&e=095c659e-fc85-4e3e-b36b-8b60da6182e8&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-14196.html
https://protect2.fireeye.com/v1/url?k=d8d440db-84c6f4df-d8d3dd17-000babd90757-3bf44c3a89788f6d&q=1&e=095c659e-fc85-4e3e-b36b-8b60da6182e8&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-25829.html
https://protect2.fireeye.com/v1/url?k=078e6f20-5b9cdb24-0789f2ec-000babd90757-ff9eaff92728729d&q=1&e=095c659e-fc85-4e3e-b36b-8b60da6182e8&u=https%3A%2F%2Fbugzilla.suse.com%2F1173302
https://protect2.fireeye.com/v1/url?k=485c436d-144ef769-485bdea1-000babd90757-306dbaa9ba7e17a2&q=1&e=095c659e-fc85-4e3e-b36b-8b60da6182e8&u=https%3A%2F%2Fbugzilla.suse.com%2F1177383

—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

openSUSE Security Update: Security update for pdns-recursor
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1687-1
Rating: important
References: #1173302 #1177383
Cross-References: CVE-2020-14196 CVE-2020-25829
Affected Products:
openSUSE Leap 15.2
openSUSE Leap 15.1
openSUSE Backports SLE-15-SP2
openSUSE Backports SLE-15-SP1
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for pdns-recursor fixes the following issues:

-pdns-recursorwas updated to 4.1.1 and 4.3.5:
– CVE-2020-25829: Fixed a cache pollution related to DNSSEC validation
(boo#1177383)
– CVE-2020-14196: Fixed an access restriction bypass with API key and
password authentication (boo#1173302).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1687=1

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-1687=1

– openSUSE Backports SLE-15-SP2:

zypper in -t patch openSUSE-2020-1687=1

– openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-1687=1

– SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2020-1687=1

Package List:

– openSUSE Leap 15.2 (x86_64):

pdns-recursor-4.3.5-lp152.2.6.1
pdns-recursor-debuginfo-4.3.5-lp152.2.6.1
pdns-recursor-debugsource-4.3.5-lp152.2.6.1

– openSUSE Leap 15.1 (x86_64):

pdns-recursor-4.1.12-lp151.3.9.1
pdns-recursor-debuginfo-4.1.12-lp151.3.9.1
pdns-recursor-debugsource-4.1.12-lp151.3.9.1

– openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):

pdns-recursor-4.3.5-bp152.2.12.1
pdns-recursor-debuginfo-4.3.5-bp152.2.12.1
pdns-recursor-debugsource-4.3.5-bp152.2.12.1

– openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

pdns-recursor-4.1.12-bp151.4.9.1
pdns-recursor-debuginfo-4.1.12-bp151.4.9.1
pdns-recursor-debugsource-4.1.12-bp151.4.9.1

– SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):

pdns-recursor-4.1.18-25.1

References:

https://protect2.fireeye.com/v1/url?k=02a39aaf-5eb12eab-02a40763-000babd90757-97b1458b766120ce&q=1&e=8a6c7b1b-277e-4dcb-8444-3bf57ba715b8&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-14196.html
https://protect2.fireeye.com/v1/url?k=2635ff66-7a274b62-263262aa-000babd90757-607b5c8f1d411dda&q=1&e=8a6c7b1b-277e-4dcb-8444-3bf57ba715b8&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-25829.html
https://protect2.fireeye.com/v1/url?k=6712f1f0-3b0045f4-67156c3c-000babd90757-5e273134e602eb5d&q=1&e=8a6c7b1b-277e-4dcb-8444-3bf57ba715b8&u=https%3A%2F%2Fbugzilla.suse.com%2F1173302
https://protect2.fireeye.com/v1/url?k=6990db83-35826f87-6997464f-000babd90757-b88a5fb4c3920c86&q=1&e=8a6c7b1b-277e-4dcb-8444-3bf57ba715b8&u=https%3A%2F%2Fbugzilla.suse.com%2F1177383

—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org