{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20171425",
|
|
"Version": "oval:org.altlinux.errata:def:20171425",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2017-1425: package `pdns` update to version 4.0.3-alt2",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c9f2"
|
|
],
|
|
"Products": [
|
|
"ALT SPWorkstation",
|
|
"ALT SPServer"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2017-1425",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-1425",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2015-5470",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-5470",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2016-2120",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-2120",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2016-5426",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5426",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2016-5427",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-5427",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2016-7068",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7068",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2016-7072",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7072",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2016-7073",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7073",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2016-7074",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-7074",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades pdns to version 4.0.3-alt2. \nSecurity Fix(es):\n\n * CVE-2015-5470: The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.\n\n * CVE-2016-2120: An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.\n\n * CVE-2016-5426: PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname.\n\n * CVE-2016-5427: PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query.\n\n * CVE-2016-7068: An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. 
A specially crafted query containing a large number of records can be used to take advantage of that behaviour.\n\n * CVE-2016-7072: An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible.\n\n * CVE-2016-7073: An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack.\n\n * CVE-2016-7074: An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "High",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2017-04-04"
|
|
},
|
|
"Updated": {
|
|
"Date": "2017-04-04"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2015-5470",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
|
|
"CWE": "CWE-399",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-5470",
|
|
"Impact": "High",
|
|
"Public": "20151102"
|
|
},
|
|
{
|
|
"ID": "CVE-2016-2120",
|
|
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "CWE-190",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-2120",
|
|
"Impact": "Low",
|
|
"Public": "20181101"
|
|
},
|
|
{
|
|
"ID": "CVE-2016-5426",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "CWE-399",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5426",
|
|
"Impact": "High",
|
|
"Public": "20160921"
|
|
},
|
|
{
|
|
"ID": "CVE-2016-5427",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "CWE-399",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-5427",
|
|
"Impact": "High",
|
|
"Public": "20160921"
|
|
},
|
|
{
|
|
"ID": "CVE-2016-7068",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "CWE-400",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7068",
|
|
"Impact": "High",
|
|
"Public": "20180911"
|
|
},
|
|
{
|
|
"ID": "CVE-2016-7072",
|
|
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"CWE": "CWE-400",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7072",
|
|
"Impact": "High",
|
|
"Public": "20180910"
|
|
},
|
|
{
|
|
"ID": "CVE-2016-7073",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
|
"CWE": "CWE-20",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7073",
|
|
"Impact": "Low",
|
|
"Public": "20180911"
|
|
},
|
|
{
|
|
"ID": "CVE-2016-7074",
|
|
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
|
"CWE": "CWE-20",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-7074",
|
|
"Impact": "Low",
|
|
"Public": "20180911"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:8.4",
|
|
"cpe:/o:alt:spserver:8.4"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171425001",
|
|
"Comment": "pdns is earlier than 0:4.0.3-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171425002",
|
|
"Comment": "pdns-backend-geoip is earlier than 0:4.0.3-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171425003",
|
|
"Comment": "pdns-backend-ldap is earlier than 0:4.0.3-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171425004",
|
|
"Comment": "pdns-backend-lua is earlier than 0:4.0.3-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171425005",
|
|
"Comment": "pdns-backend-mydns is earlier than 0:4.0.3-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171425006",
|
|
"Comment": "pdns-backend-mysql is earlier than 0:4.0.3-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171425007",
|
|
"Comment": "pdns-backend-opendbx is earlier than 0:4.0.3-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171425008",
|
|
"Comment": "pdns-backend-pipe is earlier than 0:4.0.3-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171425009",
|
|
"Comment": "pdns-backend-postgresql is earlier than 0:4.0.3-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171425010",
|
|
"Comment": "pdns-backend-remote is earlier than 0:4.0.3-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171425011",
|
|
"Comment": "pdns-backend-sqlite is earlier than 0:4.0.3-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171425012",
|
|
"Comment": "pdns-backend-tinydns is earlier than 0:4.0.3-alt2"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20171425013",
|
|
"Comment": "pdns-tools is earlier than 0:4.0.3-alt2"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |