Page MenuHomePhabricator

Powerdns Recursor out of date and CVE-2018-10851
Closed, ResolvedPublic

Description

hi,

VyOS 1.2.0-EPA2 includes pdns-recursor 4.0.4-1+deb9u3~bpo8+1. If I read the Debian Changelog on

https://metadata.ftp-master.debian.org/changelogs/main/p/pdns-recursor/pdns-recursor_4.0.4-1+deb9u3~bpo8+1_changelog

right we should have some security bugs open:

https://blog.powerdns.com/2018/11/06/powerdns-authoritative-server-4-0-6-4-1-5-and-recursor-4-0-9-4-1-5-released/

"Recursor 4.0.9

This release fixes the following security advisories:

PowerDNS Security Advisory 2018-04 (CVE-2018-10851)
PowerDNS Security Advisory 2018-06 (CVE-2018-14626)
PowerDNS Security Advisory 2018-07 (CVE-2018-14644)

"

It is fixed in the lates powerdns recursor 4.0.9 or we should update direct to 4.1 releases.

Details

Difficulty level
Unknown (require assessment)
Version
1.2.0-EPA2
Why the issue appeared?
Will be filled on close

Event Timeline

rherold created this task.Jan 6 2019, 9:13 PM
rherold created this object in space S1 VyOS Public.
syncer closed this task as Resolved.Jan 12 2019, 7:04 PM
syncer assigned this task to dmbaturin.
syncer moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-EPA3) board.
syncer added a subscriber: syncer.

recursor was upgraded