582e216d84
- Please note: to fix CVE-2019-10203, upgrading is not enough Manually apply the schema change: ALTER TABLE domains ALTER notified_serial TYPE bigint USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END; PR: 239850 Submitted by: Ralf van der Enden <tremere@cainites.net> (maintainer) MFH: 2019Q3 Relnotes: https://doc.powerdns.com/authoritative/changelog/4.2.html http://blog.powerdns.com/2019/08/29/powerdns-authoritative-server-4-2-0/ Security: CVE-2019-10203
43 lines
995 B
Bash
43 lines
995 B
Bash
#! /bin/sh
|
|
|
|
# $FreeBSD$
|
|
|
|
PATH=/bin:/usr/bin:/usr/sbin
|
|
|
|
securitywarning() {
|
|
cat <<EOF
|
|
|
|
=== IMPORTANT FOR GPGSQL BACKEND USERS! ===
|
|
The following only impacts anyone using the
|
|
gpgsql (PostgreSQL) backend:
|
|
|
|
An issue has been found in PowerDNS
|
|
Authoritative Server allowing an authorized
|
|
user to cause the server to exit by
|
|
inserting a crafted record in a MASTER type
|
|
zone under their control. The issue is due
|
|
to the fact that the Authoritative Server
|
|
will exit when it tries to store the
|
|
notified serial in the PostgreSQL database,
|
|
if this serial cannot be represented in 31
|
|
bits.
|
|
|
|
To fix the issue, run the following command
|
|
against your PostgreSQL pdns database:
|
|
|
|
ALTER TABLE domains ALTER notified_serial
|
|
TYPE bigint USING CASE WHEN notified_serial
|
|
>= 0 THEN notified_serial::bigint END;
|
|
|
|
No software changes are required.
|
|
===========================================
|
|
EOF
|
|
}
|
|
|
|
case $2 in
|
|
PRE-INSTALL)
|
|
securitywarning
|
|
sleep 5
|
|
;;
|
|
esac
|