Bug 9944 - pdns-recursor new security issue CVE-2012-1193
Summary: pdns-recursor new security issue CVE-2012-1193
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: i586 Linux
Priority: Normal major
Target Milestone: ---
Assignee: Oden Eriksson
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/548961/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-05-01 21:38 CEST by David Walser
Modified: 2013-05-05 01:27 CEST (History)
0 users

See Also:
Source RPM: pdns-3.2-3.mga3.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2013-05-01 21:38:22 CEST 
Fedora has issued an advisory on April 22:
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104177.html

pdns-recursor is built from our pdns SRPM, which bundles pdns-recursor 3.3 with it (looks like it was added by Oden during the Mageia 3 development cycle).  3.3 is the affected version, and it's fixed in pdns-recursor 3.5 upstream:
http://doc.powerdns.com/html/changelog.html#changelog-recursor-3.5

Reproducible: 

Steps to Reproduce:
Comment 1 Oden Eriksson 2013-05-04 09:15:38 CEST 
Fixed in svn for cauldron. Someone has to submit pdns and pdns-recursor.
Comment 2 David Walser 2013-05-05 00:18:29 CEST 
Fixed in pdns-3.2-4.mga3 by removing the bundled pdns-recursor.

Oden, the pdns-recursor in SVN is messed up, as it doesn't have a sha1.lst file.  If you created that SVN directory by hand, probably better to remove it and recreate it by creating an SRPM locally and importing that.  I guess pdns-recursor can be pushed once you fix it.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 3 David Walser 2013-05-05 01:27:51 CEST 
Nevermind, Thomas Backlund fixed pdns-recursor.

pdns-recursor-3.5.1-1.mga3 uploaded for Cauldron.
Note You need to log in before you can comment on or make changes to this bug.