Date: Fri, 22 May 2020 09:09:04 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 246655] dns/powerdns-recursor: update to 4.3.1
Message-ID: <bug-246655-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246655

            Bug ID: 246655
           Summary: dns/powerdns-recursor: update to 4.3.1
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: tremere@cainites.net

Created attachment 214751
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=214751&action=edit
Update to PowerDNS Recursor 4.3.1

Update to PowerDNS Recursor containing security fixes for three CVEs:

- CVE-2020-10995
- CVE-2020-12244
- CVE-2020-10030

The issues are:

CVE-2020-10995: An issue in the DNS protocol has been found that allows
malicious parties to use recursive DNS services to attack third party
authoritative name servers. Severity is medium. We would like to thank Lior
Shafir, Yehuda Afek and Anat Bremler-Barr for finding and subsequently
reporting this issue!

CVE-2020-12244: Records in the answer section of a NXDOMAIN response lacking
an SOA were not properly validated. Severity is medium. We would like to thank
Matt Nordhoff for finding and subsequently reporting this issue!

CVE-2020-10030: An attacker with enough privileges to change the hostname
might be able to disclose uninitialized memory. This issue also affects the
Authoritative Server and dnsdist; since the attack requires very high
privileges and the issue does not affect Linux, we will not be releasing new
versions for those just for this issue. Severity is low.

As usual, there were also other smaller enhancements and bugfixes. See
https://doc.powerdns.com/recursor/changelog/4.3.html#change-4.3.1 for the full
changelog.

QA:
portlint: OK (looks fine.)
testport: OK (12.1, amd64)

Regenerated some patches to make portlint happy.

Due to several reports of the recursor (also older versions) crashing on i386
I've marked it BROKEN on i386.

Also, added a patch from upstream to fix building since HOST_NAME_MAX has been
deprecated on FreeBSD, but not on some other platforms. It will be part of the
next official release.

-- 
You are receiving this mail because:
You are the assignee for the bug.