FEDORA-EPEL-2018-fc29932f12 created by mstevens a year ago for Fedora EPEL 7
stable
  • Rebase to 4.0.6
  • Backends geo and lmdb have been deprecated
  • PowerDNS Security Advisory 2018-03 (CVE-2018-10851)

Release notes: https://blog.powerdns.com/2018/11/06/powerdns-authoritative-server-4-0-6-4-1-5-and-recursor-4-0-9-4-1-5-released/

Security Advisory: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html

This update has been submitted for testing by mstevens.

a year ago

This update has been pushed to testing.

a year ago
tis commented & provided feedback a year ago

The older version of pdns provides the sub-packages backend-geo and backend-lmdb. These sub-packages were removed in this update, but because they were not obsoleted, the update will fail on systems with those installed. Suggested fix:

Obsoletes: pdns-backend-geo < 4.0.6-1
Obsoletes: pdns-backend-lmdb < 4.0.6-1
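
The check that would have caught the missing tags before the build was pushed, as an added example (not part of the original comment and not the pdns packaging code). It compares the sub-packages declared by two spec files and reports any that were dropped without a matching Obsoletes: tag. The spec fragments are constructed, and macros such as %{name} are assumed to be already expanded.

```python
import re

# Constructed spec fragments for illustration; not the real pdns.spec.
OLD_SPEC = """\
Name: pdns
%package backend-mysql
%package backend-geo
%package backend-lmdb
"""
NEW_SPEC_BROKEN = """\
Name: pdns
Version: 4.0.6
%package backend-mysql
"""
NEW_SPEC_FIXED = """\
Name: pdns
Version: 4.0.6
Obsoletes: pdns-backend-geo < 4.0.6-1
Obsoletes: pdns-backend-lmdb < 4.0.6-1
%package backend-mysql
"""

def binary_packages(spec):
    """Return the binary package names a spec declares (main + %package)."""
    name = re.search(r"^Name:\s*(\S+)", spec, re.M).group(1)
    pkgs = {name}
    for m in re.finditer(r"^%package\s+(-n\s+)?(\S+)", spec, re.M):
        # '%package foo' means <name>-foo; '%package -n foo' is the full name.
        pkgs.add(m.group(2) if m.group(1) else f"{name}-{m.group(2)}")
    return pkgs

def obsoleted(spec):
    """Return names listed in Obsoletes: tags (version bound is ignored)."""
    names = set()
    for m in re.finditer(r"^Obsoletes:\s*(.+)$", spec, re.M):
        # Entries are 'name [op version]', comma separated when several.
        for entry in m.group(1).split(","):
            if entry.strip():
                names.add(entry.split()[0])
    return names

def unobsoleted_removals(old_spec, new_spec):
    """Sub-packages dropped by new_spec that no Obsoletes: tag covers."""
    removed = binary_packages(old_spec) - binary_packages(new_spec)
    return sorted(removed - obsoleted(new_spec))

if __name__ == "__main__":
    print("without Obsoletes:", unobsoleted_removals(OLD_SPEC, NEW_SPEC_BROKEN))
    print("with Obsoletes:   ", unobsoleted_removals(OLD_SPEC, NEW_SPEC_FIXED))
```
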

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

a year ago

mstevens edited this update.

New build(s):

  • pdns-4.0.6-2.el7

Removed build(s):

  • pdns-4.0.6-1.el7

Karma has been reset.

a year ago

This update has been submitted for testing by mstevens.

a year ago

@tis

Thank you. Missed the obsolete section in the final git commit. It's now fixed with pdns-4.0.6-2.el7. Please check.

mstevens edited this update.

a year ago

This update has been pushed to testing.

a year ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes.

a year ago

This update has been submitted for batched by mstevens.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago
tyrola commented & provided feedback a year ago

Why was this major release update pushed to EPEL 7 and marked as security update?

Upgrading from PDNS 3.4.11-4.el7.x86_64 to 4.0.6-2.el7.x86_64 is more than just a security update. This broke our entire PDNS cluster this morning because config parameters have changed and PDNS wasn't starting anymore. Also the Web API has changed.

We're running yum-cron to apply security patches automatically but this showed us to remove it from all systems. I really appreciate your work, guys, but this wasn't really cautious.

mstevens commented & provided feedback a year ago

@tyrola Thanks for your feedback. It is a security update for https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html (CVE-2018-10851).

Please let me explain a few things: RHEL7 will be supported until June 30, 2024. We can't support PowerDNS 3.4.x until 2024, because PowerDNS 3.4.x is now EOL (End of Life). Please check the End of life statement from upstream developer: https://doc.powerdns.com/authoritative/appendices/EOL.html

That's the reason why we must upgrade to PowerDNS 4.x. Since there is no SQL schema change between 3.4.x and 4.0.x the upgrade should work properly in most situations with mysql or psql backend. I am sorry that you had problems. Please note: The API was considered experimental in all 3.x releases.



Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Dates
submitted: a year ago
in testing: a year ago
in stable: a year ago
modified: a year ago
BZ#1588185 CVE-2018-10851 pdns: Memory leak while parsing malformed records
BZ#1649028 CVE-2018-14626 pdns: Packet cache pollution via crafted query
BZ#1649030 CVE-2018-14626 pdns: Packet cache pollution via crafted query [epel-all]
BZ#1649032 CVE-2018-10851 pdns: Memory leak while parsing malformed records [epel-all]
