FEDORA-EPEL-2018-fc29932f12

security update in Fedora EPEL 7 for pdns

Status: stable 9 months ago
  • Rebase to 4.0.6
  • Backends geo and lmdb have been deprecated
  • PowerDNS Security Advisory 2018-03 (CVE-2018-10851)

Release notes: https://blog.powerdns.com/2018/11/06/powerdns-authoritative-server-4-0-6-4-1-5-and-recursor-4-0-9-4-1-5-released/

Security Advisory: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html

Comments 15

This update has been submitted for testing by mstevens.

This update has been pushed to testing.

Older versions of pdns provide the sub-packages backend-geo and backend-lmdb. These sub-packages were removed in this update, but because they were not obsoleted, the update will fail on systems with those installed. Suggested fix:

Obsoletes: pdns-backend-geo < 4.0.6-1
Obsoletes: pdns-backend-lmdb < 4.0.6-1

karma: -1

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

mstevens edited this update.

New build(s):

  • pdns-4.0.6-2.el7

Removed build(s):

  • pdns-4.0.6-1.el7

Karma has been reset.

This update has been submitted for testing by mstevens.

@tis

Thank you. Missed the obsolete section in the final git commit. It's now fixed with pdns-4.0.6-2.el7. Please check.

mstevens edited this update.

This update has been pushed to testing.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes.

This update has been submitted for batched by mstevens.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Why was this major release update pushed to EPEL 7 and marked as security update?

Upgrading from PDNS 3.4.11-4.el7.x86_64 to 4.0.6-2.el7.x86_64 is more than just a security update. This broke our entire PDNS cluster this morning because config parameters have changed and PDNS wasn't starting anymore. Also the Web API has changed.

We're running yum-cron to apply security patches automatically but this showed us to remove it from all systems. I really appreciate your work, guys, but this wasn't really cautious.

@tyrola Thanks for your feedback. It is a security update for https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html (CVE-2018-10851).

Please let me explain a few things: RHEL7 will be supported until June 30, 2024. We can't support PowerDNS 3.4.x until 2024, because PowerDNS 3.4.x is now EOL (End of Life). Please check the End of life statement from upstream developer: https://doc.powerdns.com/authoritative/appendices/EOL.html

That's the reason why we must upgrade to PowerDNS 4.x. Since there is no SQL schema change between 3.4.x and 4.0.x the upgrade should work properly in most situations with mysql or psql backend. I am sorry that you had problems. Please note: The API was considered experimental in all 3.x releases.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: medium
Karma: 0 (stable threshold: 3, unstable threshold: -3)
Autopush (karma): Disabled
Autopush (time): Disabled
Dates:
  • submitted 9 months ago
  • in testing 9 months ago
  • in stable 9 months ago
  • modified 9 months ago

Related Bugs 4

  • #1588185 CVE-2018-10851 pdns: Memory leak while parsing malformed records
  • #1649028 CVE-2018-14626 pdns: Packet cache pollution via crafted query
  • #1649030 CVE-2018-14626 pdns: Packet cache pollution via crafted query [epel-all]
  • #1649032 CVE-2018-10851 pdns: Memory leak while parsing malformed records [epel-all]
