Security update for pdns-recursor SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:10171-1 Final 1 1 2022-10-30T15:07:10Z current 2022-10-30T15:07:10Z 2022-10-30T15:07:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for pdns-recursor This update for pdns-recursor fixes the following issues: pdns-recursor was updated to 4.6.3: * fixes incomplete exception handling related to protobuf message generation (boo#1202664, CVE-2022-37428) pdns-recursor was updated to 4.6.2: * Reject non-apex NSEC(3)s that have both the NS and SOA bits set * A CNAME answer on DS query should abort DS retrieval * Allow disabling of processing the root hints * If we get NODATA on an AAAA in followCNAMERecords, try native dns64 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2022-10171 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QTTGUFMAXOAIF5ITDWH77TARHQP4EO3F/ E-Mail link for openSUSE-SU-2022:10171-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1202664 SUSE Bug 1202664 https://www.suse.com/security/cve/CVE-2022-37428/ SUSE CVE CVE-2022-37428 page SUSE Package Hub 15 SP4 openSUSE Leap 15.4 pdns-recursor-4.6.3-bp154.2.3.1 pdns-recursor-4.6.3-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 pdns-recursor-4.6.3-bp154.2.3.1 as a component of openSUSE Leap 15.4 PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties. CVE-2022-37428 SUSE Package Hub 15 SP4:pdns-recursor-4.6.3-bp154.2.3.1 openSUSE Leap 15.4:pdns-recursor-4.6.3-bp154.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QTTGUFMAXOAIF5ITDWH77TARHQP4EO3F/ https://www.suse.com/security/cve/CVE-2022-37428.html CVE-2022-37428 https://bugzilla.suse.com/1202664 SUSE Bug 1202664