{"update": {"autokarma": true, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "Fixes CVE-2018-16855 (Crafted query can cause a denial of service)\n\n----\n\nNew upstream release with security fixes for CVE-2018-10851, CVE-2018-14626 and CVE-2018-14644", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2018-11-29 14:22:58", "date_modified": null, "date_approved": null, "date_testing": "2018-11-30 03:17:30", "date_stable": "2018-12-16 02:24:11", "alias": "FEDORA-2018-c341b70641", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2018-12-16 02:24:11", "meets_testing_requirements": true, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2018-c341b70641", "title": "pdns-recursor-4.1.8-1.fc28", "version_hash": "3f7882f28d7dccd0ab40500a7b2d050c2bc3fca4", "release": {"name": "F28", "long_name": "Fedora 28", "version": "28", "id_prefix": "FEDORA", "branch": "f28", "dist_tag": "f28", "stable_tag": "f28-updates", "testing_tag": "f28-updates-testing", "candidate_tag": "f28-updates-candidate", "pending_signing_tag": "f28-signing-pending", "pending_testing_tag": "f28-updates-testing-pending", "pending_stable_tag": "f28-updates-pending", "override_tag": "f28-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": null, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "ruben", "email": "ruben@rubenkerkhof.com", "id": 570, "avatar": "https://seccdn.libravatar.org/avatar/c4c2f39af95837fe0ba583c62d8217171e407487338e73bd797016555b9d4009?s=24&d=retro", "openid": "ruben.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by ruben. ", "timestamp": "2018-11-29 14:22:58", "update_id": 127613, "user_id": 91, "id": 868525, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has obsoleted [pdns-recursor-4.1.7-1.fc28](https://bodhi.fedoraproject.org/updates/FEDORA-2018-86e2487df2), and has inherited its bugs and notes.", "timestamp": "2018-11-29 14:23:02", "update_id": 127613, "user_id": 91, "id": 868530, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2018-11-30 03:18:18", "update_id": 127613, "user_id": 91, "id": 868796, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes", "timestamp": "2018-12-07 06:00:28", "update_id": 127613, "user_id": 91, "id": 871598, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for batched by ruben. ", "timestamp": "2018-12-14 11:13:14", "update_id": 127613, "user_id": 91, "id": 874648, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2018-12-14 23:45:23", "update_id": 127613, "user_id": 91, "id": 874754, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2018-12-16 02:24:36", "update_id": 127613, "user_id": 91, "id": 875139, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "pdns-recursor-4.1.8-1.fc28", "signed": true, "release_id": 21, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1648380, "title": "CVE-2018-14644 pdns: crafted query for meta-types can lead to a DoS [fedora-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1648382, "title": "CVE-2018-14644 pdns: crafted query for meta-types can lead to a DoS [epel-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1649028, "title": "CVE-2018-14626 pdns: Packet cache pollution via crafted query", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 868523, "bug_id": 1649028, "comment": {"karma": 0, "karma_critpath": 0, "text": "Why was this major release update pushed to EPEL 7 and marked as security update?\n\nUpgrading from PDNS 3.4.11-4.el7.x86_64 to 4.0.6-2.el7.x86_64 is more then just a security update. This broke our entire PDNS cluster this morning cause config parameters have changed and PDNS wasn't starting anymore. Also the Web API has changed. \n\nWe're running yum-cron to apply security patches automatically but this showed us to remove it from all systems. I really appreciate your work guys but this wasn't really cautious.", "timestamp": "2018-11-29 14:20:00", "update_id": 126405, "user_id": 3398, "id": 868523, "testcase_feedback": [], "user": {"name": "tyrola", "email": "alex.birkner@gmail.com", "id": 3398, "avatar": "https://seccdn.libravatar.org/avatar/0066c760e117e4fadc698dbc51289ff47f3865eebd6d53ce273d97fd250eef34?s=24&d=retro", "openid": "tyrola.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 869867, "bug_id": 1649028, "comment": {"karma": 0, "karma_critpath": 0, "text": "@tyrola\nThanks for your feedback. It is a security update for https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html (CVE-2018-10851). \n\nPlease let me explain a few things:  RHEL7 will be supported until June 30, 2024. We can't support PowerDNS 3.4.x until 2024, because PowerDNS 3.4.x is now EOL (End of Life).  Please check the End of life statement from upstream developer: https://doc.powerdns.com/authoritative/appendices/EOL.html\n\nThat's the reason why we must upgrade to PowerDNS 4.x. Since there is no SQL schema change between 3.4.x and 4.0.x the upgrade should work properly in most situations with mysql or psql backend. I am sorry that you had problems. Please note: The API was considered experimental in all 3.x releases.", "timestamp": "2018-12-03 14:20:23", "update_id": 126405, "user_id": 203, "id": 869867, "testcase_feedback": [], "user": {"name": "mstevens", "email": "ms@unix9.com", "id": 203, "avatar": "https://seccdn.libravatar.org/avatar/66cdd58f5ace3c9703b685ce40fdb67023b566459b5d44a8768d0cb55407bd1c?s=24&d=retro", "openid": "mstevens.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}]}, {"bug_id": 1649043, "title": "CVE-2018-10851 pdns-recursor: pdns: Memory leak while parsing malformed records [epel-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1649045, "title": "CVE-2018-14644 pdns-recursor: pdns: crafted query for meta-types can lead to a DoS [fedora-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1649046, "title": "CVE-2018-14644 pdns-recursor: pdns: crafted query for meta-types can lead to a DoS [epel-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1654233, "title": "CVE-2018-16855 pdns-recursor: Out-of-bounds read with crafted DNS queries [epel-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1654234, "title": "CVE-2018-16855 pdns-recursor: Out-of-bounds read with crafted DNS queries [fedora-all]", "security": true, "parent": false, "feedback": []}], "updateid": "FEDORA-2018-c341b70641", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}