Mageia 2020-0375: pdns security update | LinuxSecurity.com
MGASA-2020-0375 - Updated pdns packages fix security vulnerability

Publication date: 27 Sep 2020
URL: https://advisories.mageia.org/MGASA-2020-0375.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-17482

An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an
authorized user with the ability to insert crafted records into a zone might be
able to leak the content of uninitialized memory. Such a user could be a
customer inserting data via a control panel, or somebody with access to the
REST API. Crafted records cannot be inserted via AXFR (CVE-2020-17482).

The pdns package has been updated to versoin 4.1.14, fixing this issue and
several other bugs.  See the upstream changelog for details.

References:
- https://bugs.mageia.org/show_bug.cgi?id=27310
- https://doc.powerdns.com/authoritative/changelog/4.1.html#change-4.1.14
- https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17482

SRPMS:
- 7/core/pdns-4.1.14-1.mga7

Mageia 2020-0375: pdns security update

An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the cont...

Summary

An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. Such a user could be a customer inserting data via a control panel, or somebody with access to the REST API. Crafted records cannot be inserted via AXFR (CVE-2020-17482).
The pdns package has been updated to versoin 4.1.14, fixing this issue and several other bugs. See the upstream changelog for details.

References

- https://bugs.mageia.org/show_bug.cgi?id=27310

- https://doc.powerdns.com/authoritative/changelog/4.1.html#change-4.1.14

- https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17482

Resolution

MGASA-2020-0375 - Updated pdns packages fix security vulnerability

SRPMS

- 7/core/pdns-4.1.14-1.mga7

Severity
Publication date: 27 Sep 2020
URL: https://advisories.mageia.org/MGASA-2020-0375.html
Type: security
CVE: CVE-2020-17482

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.