OPENSUSE-SU-2022:0105-1

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2022-27227

Published: 07 Apr 2022, 04:02

Last modified:04 Feb 2026, 02:17

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

07 Apr 2022, 04:02

Published

Vulnerability first disclosed

04 Feb 2026, 02:17

Last Modified

Vulnerability information updated

Description

Security update for pdns-recursor This update for pdns-recursor fixes the following issues: - CVE-2022-27227: Fixed incomplete validation of incoming IXFR transfers. It applies to setups retrieving one or more RPZ zones from a remote server if the network path to the server is not trusted. (boo#1197525)

Affected Systems

opensuse•pdns-recursor&distro=openSUSE Leap 15.3
< 4.3.5-bp153.2.3.1
suse•pdns-recursor&distro=SUSE Package Hub 15 SP3
< 4.3.5-bp153.2.3.1

References (3)

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/42XLX5GUN36HINIJX75C5RSFWMGRN4OW/
https://bugzilla.suse.com/1197525
https://www.suse.com/security/cve/CVE-2022-27227