Mageia: 2019-0051 Moderate Security Advisory for PowerDNS Recursor
mageia
January 23, 2019
An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing secu...
Summary
An issue has been found in PowerDNS Recursor where Lua hooks are not
properly applied to queries received over TCP in some specific
combination of settings, possibly bypassing security policies enforced
using Lua (CVE-2019-3806).
An issue has been found in PowerDNS Recursor where records in the answer
section of responses received from authoritative servers with the AA
flag not set were not properly validated, allowing an attacker to bypass
DNSSEC validation (CVE-2019-3807).
References
- https://bugs.mageia.org/show_bug.cgi?id=24218
- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html
- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html
- https://www.cve.org/CVERecord?id=CVE-2019-3806
- https://www.cve.org/CVERecord?id=CVE-2019-3807
Topics Covered
Resolution
SRPMS
- 6/core/pdns-recursor-4.1.9-1.mga6
PREVIOUS
NEXT
Publication date: 23 Jan 2019
URL: https://advisories.mageia.org/MGASA-2019-0051.html
Type: security
CVE: CVE-2019-3806,
CVE-2019-3807
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!