FEDORA-EPEL-2018-fc29932f12 created by mstevens 2 years ago for Fedora EPEL 7
stable
  • Rebase to 4.0.6
  • Backends geo and lmdb have been deprecated
  • PowerDNS Security Advisory 2018-03 (CVE-2018-10851)

Release notes: https://blog.powerdns.com/2018/11/06/powerdns-authoritative-server-4-0-6-4-1-5-and-recursor-4-0-9-4-1-5-released/

Security Advisory: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html

This update has been submitted for testing by mstevens.

2 years ago

This update has been pushed to testing.

2 years ago
tis commented & provided feedback 2 years ago

The older version of pdns provides the sub-packages backend-geo and backend-lmdb. These sub-packages were removed in this update, but because they were not obsoleted, the update will fail on systems with those installed. Suggested fix:

Obsoletes: pdns-backend-geo < 4.0.6-1
Obsoletes: pdns-backend-lmdb < 4.0.6-1

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

2 years ago

mstevens edited this update.

New build(s):

  • pdns-4.0.6-2.el7

Removed build(s):

  • pdns-4.0.6-1.el7

Karma has been reset.

2 years ago

This update has been submitted for testing by mstevens.

2 years ago

@tis

Thank you. Missed the obsolete section in the final git commit. It's now fixed with pdns-4.0.6-2.el7. Please check.

mstevens edited this update.

2 years ago

This update has been pushed to testing.

2 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for batched by mstevens.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago
tyrola commented & provided feedback 2 years ago

Why was this major release update pushed to EPEL 7 and marked as security update?

Upgrading from PDNS 3.4.11-4.el7.x86_64 to 4.0.6-2.el7.x86_64 is more than just a security update. This broke our entire PDNS cluster this morning because config parameters have changed and PDNS wasn't starting anymore. Also the Web API has changed.

We're running yum-cron to apply security patches automatically but this showed us to remove it from all systems. I really appreciate your work guys but this wasn't really cautious.

mstevens commented & provided feedback 2 years ago

@tyrola Thanks for your feedback. It is a security update for https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html (CVE-2018-10851).

Please let me explain a few things: RHEL7 will be supported until June 30, 2024. We can't support PowerDNS 3.4.x until 2024, because PowerDNS 3.4.x is now EOL (End of Life). Please check the End of life statement from upstream developer: https://doc.powerdns.com/authoritative/appendices/EOL.html

That's the reason why we must upgrade to PowerDNS 4.x. Since there is no SQL schema change between 3.4.x and 4.0.x the upgrade should work properly in most situations with mysql or psql backend. I am sorry that you had problems. Please note: The API was considered experimental in all 3.x releases.
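
One way to catch the situation described in this thread before unattended patching applies it: compare the pending updates with the installed versions and hold any package whose upstream major version changes. This is an added example, not part of the original thread or of Bodhi; the listings are constructed (only the pdns versions are the ones quoted above), and the assumed input formats are `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` and the package lines of `yum check-update`.

```python
import re

# Constructed sample listings; only the pdns versions come from the thread.
# Installed set, in the format of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
INSTALLED = """\
pdns 3.4.11-4.el7
pdns-backend-mysql 3.4.11-4.el7
openssl 1.0.2k-12.el7
"""
# Pending updates, in the format of the package lines of: yum check-update
PENDING = """\
openssl.x86_64                 1:1.0.2k-16.el7             updates
pdns.x86_64                    4.0.6-2.el7                 epel
pdns-backend-mysql.x86_64      4.0.6-2.el7                 epel
"""

def upstream_version(evr):
    """Strip the epoch and the release from [epoch:]version-release."""
    return evr.split(":", 1)[-1].rsplit("-", 1)[0]

def major(evr):
    """Leading integer of the upstream version, or None if there is none."""
    m = re.match(r"\d+", upstream_version(evr))
    return int(m.group()) if m else None

def parse_installed(text):
    return dict(line.split() for line in text.splitlines() if line.strip())

def parse_pending(text):
    pending = {}
    for line in text.splitlines():
        parts = line.split()
        # Package lines have three columns: name.arch, version, repository.
        if len(parts) == 3 and "." in parts[0]:
            pending[parts[0].rsplit(".", 1)[0]] = parts[1]
    return pending

def major_jumps(installed_text, pending_text):
    """Return (name, old, new) for updates that cross a major version."""
    installed = parse_installed(installed_text)
    jumps = []
    for name, new in sorted(parse_pending(pending_text).items()):
        old = installed.get(name)
        if old and None not in (major(old), major(new)) and major(old) != major(new):
            jumps.append((name, upstream_version(old), upstream_version(new)))
    return jumps

if __name__ == "__main__":
    for name, old, new in major_jumps(INSTALLED, PENDING):
        print(f"HOLD {name}: {old} -> {new} crosses a major version")
```
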



Metadata
  • Type: security
  • Severity: medium
  • Karma: 0
  • Signed
  • Content Type: RPM
  • Test Gating

Settings
  • Unstable by Karma: -3
  • Stable by Karma: disabled
  • Stable by Time: disabled

Dates
  • submitted: 2 years ago
  • in testing: 2 years ago
  • in stable: 2 years ago
  • modified: 2 years ago

  • BZ#1588185 CVE-2018-10851 pdns: Memory leak while parsing malformed records
  • BZ#1649028 CVE-2018-14626 pdns: Packet cache pollution via crafted query
  • BZ#1649030 CVE-2018-14626 pdns: Packet cache pollution via crafted query [epel-all]
  • BZ#1649032 CVE-2018-10851 pdns: Memory leak while parsing malformed records [epel-all]
