[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 492-1] pdns security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : pdns
Version        : 3.1-4.1+deb7u1
CVE ID         : CVE-2014-7210

It was discovered that the maintainer scripts of pdns-backend-mysql
grant too wide database permissions for the pdns user. Other backends
are not affected.

For Debian 7 "Wheezy", these problems have been fixed in version
3.1-4.1+deb7u1.

Note that if you're running the pdns server with the mysql backend these
additional grants are not removed automatically since they might have
been added on purpose. Check

    /usr/share/doc/pdns-backend-mysql/NEWS.Debian.gz

on how to remove them.

We recommend that you upgrade your pdns packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJXSyo4AAoJEAe4t7DqmBILRL4QAITBr4V+ukLAXn4T47UgGSEV
kWJMCTPf9eh+katp4Q6PcmRfXvEVFt5jifnbXXO6YAHbp9XNR6W9f32SfdfS1Nmv
Kp9yiw9tX6bZVjpHMICwQuibKkLq5BDo8ZVsZ3GNB+2ayHNAYsXw6MyiN75woOzQ
6s8gzq/0gCqVSqlGDyqo2OME7zgIZsN0qLya2Pvky3gIDgbQ/S2Ais5uPg+FRGP6
NM9fr5C1/PqiMKsm2mJLV+mz1CjTExmolM5jS3T1QCcpKD9+F7pejMS+M9gFCxRp
9ZNePE80MMlp++/1CA+nP6dOx+hDh6MMvMyC8uNgUDqPUZPAwaoo/y4QJLKScK72
rd/i3Fi9YaCapURthjjC/yw+Xx8pWBp5HjrcgfZ1CABCvJe4PLc+jChzndKqZqRH
U9Iqbu2GyWgJofdz7x3QHNzbuIyYYAHtWDticyy6XFqTfvbKZUR1zWOE7C8Jq90u
2KZzg54MfVcHHYP1BBaQQS2LwQnOVAwon7OgdF34peTXZn00ItmGJmQywWJIkM6A
iara1LY4HrNF6dXumKgZzDrqc6PagcDDMmeeq9VA1vE9DA2Y0w73+3C4W1VBhbat
eRXq5H+Bko4nom3B6IcoHI+TV7VD0eISLKGLYuMBIUvq40BLA2Le9/0qWQ+/4itJ
OEZNAEgVuv0Ofs/Ua2uF
=rv7Y
-----END PGP SIGNATURE-----


Reply to: