Security update for pdns-recursor
This update for pdns-recursor fixes the following issues:
Update to 4.8.6:
* fixes case when crafted DNSSEC records in a zone can lead to
a denial of service in Recursor
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
(boo#1219823, boo#1219826, CVE-2023-50387, CVE-2023-50868)
Changes in 4.8.5:
* (I)XFR: handle partial read of len prefix.
* YaHTTP: Prevent integer overflow on very large chunks.
* Fix setting of policy tags for packet cache hits.
Changes in 4.8.4:
* Deterred spoofing attempts can lead to authoritative servers
being marked unavailable (boo#1209897, CVE-2023-26437)
-
Submitted by
Adam Majer (adamm)
Fixed bugs
bnc#1219823
VUL-0: CVE-2023-50387 : unbound, pdns, bind: Denial Of Service while trying to validate specially crafted DNSSEC responses
bnc#1209897
VUL-0: CVE-2023-26437: pdns-recursor: Deterred spoofing attempts can lead to authoritative servers being marked unavailable
bnc#1219826
VUL-0: CVE-2023-50868: unbound, bind, pdns: Denial Of Service while trying to validate specially crafted DNSSEC responses
