Bug 278564
| Summary: | dns/powerdns-recursor: update to 5.0.4 (fixes CVE-2024-25583) | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Ralf van der Enden <tremere> | ||||||
| Component: | Individual Port(s) | Assignee: | Fernando Apesteguía <fernape> | ||||||
| Status: | Closed FIXED | ||||||||
| Severity: | Affects Many People | CC: | fernape, ports-secteam | ||||||
| Priority: | --- | Flags: | fernape:
merge-quarterly+
|
||||||
| Version: | Latest | ||||||||
| Hardware: | Any | ||||||||
| OS: | Any | ||||||||
| URL: | https://blog.powerdns.com/2024/04/24/powerdns-recursor-4-8-8-4-9-5-5-0-4-released | ||||||||
| Attachments: |
|
||||||||
|
Description
Ralf van der Enden
2024-04-24 13:05:35 UTC
Created attachment 250200 [details]
Update PowerDNS Recursor to 5.0.4 (fixes CVE-2024-25583)
Created attachment 250202 [details]
Add entry to VuXML for powerdns-recursor
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=9466b58e054bd1b86a4610a22cb7258f1567117c commit 9466b58e054bd1b86a4610a22cb7258f1567117c Author: Fernando Apesteguía <fernape@FreeBSD.org> AuthorDate: 2024-04-29 06:48:04 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2024-04-29 06:49:31 +0000 security/vuxml: Add powerdns-recursor DOS * CVE-2024-25583 A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected. PR: 278564 security/vuxml/vuln/2024.xml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=f6a57fcd8166af312bf8f3002253f0f0b8344875 commit f6a57fcd8166af312bf8f3002253f0f0b8344875 Author: Ralf van der Enden <tremere@cainites.net> AuthorDate: 2024-04-29 06:43:52 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2024-04-29 16:22:06 +0000 dns/powerdns-recursor: update to 5.0.4 (CVE-2024-25583) ChangeLog: https://blog.powerdns.com/2024/04/24/powerdns-recursor-4-8-8-4-9-5-5-0-4-released * Base Score: 7.5 HIGH * Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H PR: 278564 Reported by: tremere@cainites.net (maintainer) MFH: 2024Q2 (security fix) Security: CVE-2024-25583 dns/powerdns-recursor/Makefile | 2 +- dns/powerdns-recursor/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) A commit in branch 2024Q2 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=aa8ab57da0b25ce2d03706e825e778a03ba17438 commit aa8ab57da0b25ce2d03706e825e778a03ba17438 Author: Ralf van der Enden <tremere@cainites.net> AuthorDate: 2024-04-29 06:43:52 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2024-04-29 16:24:23 +0000 dns/powerdns-recursor: update to 5.0.4 (CVE-2024-25583) ChangeLog: https://blog.powerdns.com/2024/04/24/powerdns-recursor-4-8-8-4-9-5-5-0-4-released * Base Score: 7.5 HIGH * Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H PR: 278564 Reported by: tremere@cainites.net (maintainer) MFH: 2024Q2 (security fix) Security: CVE-2024-25583 (cherry picked from commit f6a57fcd8166af312bf8f3002253f0f0b8344875) dns/powerdns-recursor/Makefile | 2 +- dns/powerdns-recursor/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) Committed and merged to 2024Q2. Thanks! |
