Bug 9944

Summary: pdns-recursor new security issue CVE-2012-1193
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Oden Eriksson <oe>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: major    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/548961/
Whiteboard:
Source RPM: pdns-3.2-3.mga3.src.rpm
CVE:
Status comment:

Description David Walser 2013-05-01 21:38:22 CEST
Fedora has issued an advisory on April 22:
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104177.html

pdns-recursor is built from our pdns SRPM, which bundles pdns-recursor 3.3 with it (looks like it was added by Oden during the Mageia 3 development cycle).  3.3 is the affected version, and it's fixed in pdns-recursor 3.5 upstream:
http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.5

Comment 1 Oden Eriksson 2013-05-04 09:15:38 CEST
Fixed in svn for cauldron. Someone has to submit pdns and pdns-recursor.

Comment 2 David Walser 2013-05-05 00:18:29 CEST
Fixed in pdns-3.2-4.mga3 by removing the bundled pdns-recursor.

Oden, the pdns-recursor in SVN is messed up, as it doesn't have a sha1.lst file.  If you created that SVN directory by hand, probably better to remove it and recreate it by creating an SRPM locally and importing that.  I guess pdns-recursor can be pushed once you fix it.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 3 David Walser 2013-05-05 01:27:51 CEST
Never mind, Thomas Backlund fixed pdns-recursor.

pdns-recursor-3.5.1-1.mga3 uploaded for Cauldron.