openSUSE Security Update : pdns (openSUSE-2020-1556)

medium Nessus Plugin ID 141076

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for pdns fixes the following issues :

	 - Build with libmaxminddb instead of the obsolete GeoIP (boo#1156196)

- CVE-2020-17482: Fixed an error that can result in leaking of uninitialised memory through crafted zone records (boo#1176535)

- Backported compilation fix vs. latest Boost 1.74 (boo#1176312)

Solution

Update the affected pdns packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1156196

https://bugzilla.opensuse.org/show_bug.cgi?id=1176312

https://bugzilla.opensuse.org/show_bug.cgi?id=1176535

Plugin Details

Severity: Medium

ID: 141076

File Name: openSUSE-2020-1556.nasl

Version: 1.5

Type: local

Agent: unix

Published: 9/30/2020

Updated: 2/16/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2020-17482

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:pdns-backend-sqlite3, cpe:/o:novell:opensuse:15.1, p-cpe:/a:novell:opensuse:pdns-backend-postgresql-debuginfo, p-cpe:/a:novell:opensuse:pdns-backend-ldap-debuginfo, p-cpe:/a:novell:opensuse:pdns-backend-mydns-debuginfo, p-cpe:/a:novell:opensuse:pdns-backend-remote-debuginfo, p-cpe:/a:novell:opensuse:pdns-backend-remote, p-cpe:/a:novell:opensuse:pdns-backend-geoip-debuginfo, p-cpe:/a:novell:opensuse:pdns-backend-mydns, p-cpe:/a:novell:opensuse:pdns-backend-mysql, p-cpe:/a:novell:opensuse:pdns-backend-mysql-debuginfo, p-cpe:/a:novell:opensuse:pdns-backend-geoip, p-cpe:/a:novell:opensuse:pdns-backend-lua-debuginfo, p-cpe:/a:novell:opensuse:pdns-debuginfo, p-cpe:/a:novell:opensuse:pdns-backend-ldap, p-cpe:/a:novell:opensuse:pdns-backend-postgresql, p-cpe:/a:novell:opensuse:pdns, p-cpe:/a:novell:opensuse:pdns-backend-sqlite3-debuginfo, p-cpe:/a:novell:opensuse:pdns-debugsource, cpe:/o:novell:opensuse:15.2, p-cpe:/a:novell:opensuse:pdns-backend-godbc-debuginfo, p-cpe:/a:novell:opensuse:pdns-backend-godbc, p-cpe:/a:novell:opensuse:pdns-backend-lua

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/27/2020

Vulnerability Publication Date: 10/2/2020

Reference Information

CVE: CVE-2020-17482