Mageia 7: 2020-0375 Moderate: PowerDNS Memory Leak Threat
mageia
September 27, 2020
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the cont...
Summary
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an
authorized user with the ability to insert crafted records into a zone might be
able to leak the content of uninitialized memory. Such a user could be a
customer inserting data via a control panel, or somebody with access to the
REST API. Crafted records cannot be inserted via AXFR (CVE-2020-17482).
The pdns package has been updated to versoin 4.1.14, fixing this issue and
several other bugs. See the upstream changelog for details.
References
- https://bugs.mageia.org/show_bug.cgi?id=27310
- https://doc.powerdns.com/authoritative/changelog/4.1.html#change-4.1.14
- https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
- https://www.cve.org/CVERecord?id=CVE-2020-17482
Topics Covered
Resolution
SRPMS
- 7/core/pdns-4.1.14-1.mga7
PREVIOUS
NEXT
Publication date: 27 Sep 2020
URL: https://advisories.mageia.org/MGASA-2020-0375.html
Type: security
CVE: CVE-2020-17482
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!