{"affected":[{"ecosystem_specific":{"binaries":[{"pdns-recursor":"4.8.8-bp155.2.6.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP5","name":"pdns-recursor","purl":"pkg:rpm/suse/pdns-recursor&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.8.8-bp155.2.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"pdns-recursor":"4.8.8-bp155.2.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"pdns-recursor","purl":"pkg:rpm/opensuse/pdns-recursor&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.8.8-bp155.2.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for pdns-recursor fixes the following issues:\n\n- update to 4.8.8:\n  * fixes a case when a crafted responses can lead to a denial of\n    service in Recursor if recursive forwarding is configured\n    (boo#1223262, CVE-2024-25583)\n\n- changes in 4.8.7:\n  * If serving stale, wipe CNAME records from cache when we get\n    a NODATA negative response for them\n  * Fix the zoneToCache regression introduced by last security\n    update\n","id":"openSUSE-SU-2024:0114-1","modified":"2024-04-29T06:38:41Z","published":"2024-04-29T06:38:41Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZZH2ONXJKWNVDG6IH66D5CLFDU6CHDXI/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223262"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-25583"}],"related":["CVE-2024-25583"],"summary":"Security update for pdns-recursor","upstream":["CVE-2024-25583"]}