What Are You Looking For?

Sign Up
MGASA-2020-0286 - Updated pdns-recursor packages fix security vulnerability

Publication date: 07 Jul 2020
URL: https://advisories.mageia.org/MGASA-2020-0286.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-14196

Updated pdns-recursor package fixes security vulnerability:

An issue has been found in PowerDNS Recursor where the ACL applied to the
internal web server via webserver-allow-from is not properly enforced,
allowing a remote attacker to send HTTP queries to the internal web server,
bypassing the restriction (CVE-2020-14196).

In the default configuration the API webserver is not enabled. Only
installations using a non-default value for webserver and webserver-address 
are affected.

References:
- https://bugs.mageia.org/show_bug.cgi?id=26887
- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-04.html
- https://doc.powerdns.com/recursor/changelog/4.1.html#change-4.1.17
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14196

SRPMS:
- 7/core/pdns-recursor-4.1.17-1.mga7

Mageia 2020-0286: pdns-recursor security update

Updated pdns-recursor package fixes security vulnerability: An issue has been found in PowerDNS Recursor where the ACL applied to the internal web server via webserver-allow-from ...

Summary

Updated pdns-recursor package fixes security vulnerability:
An issue has been found in PowerDNS Recursor where the ACL applied to the internal web server via webserver-allow-from is not properly enforced, allowing a remote attacker to send HTTP queries to the internal web server, bypassing the restriction (CVE-2020-14196).
In the default configuration the API webserver is not enabled. Only installations using a non-default value for webserver and webserver-address are affected.

References

- https://bugs.mageia.org/show_bug.cgi?id=26887

- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-04.html

- https://doc.powerdns.com/recursor/changelog/4.1.html#change-4.1.17

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14196

Resolution

MGASA-2020-0286 - Updated pdns-recursor packages fix security vulnerability

SRPMS

- 7/core/pdns-recursor-4.1.17-1.mga7

Severity
Publication date: 07 Jul 2020
URL: https://advisories.mageia.org/MGASA-2020-0286.html
Type: security
CVE: CVE-2020-14196

Related News

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

Nov 25, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo