Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Mageia: Moderate Advisory 2020-0393 for pdns-recursor Remote DoS Flaw

mageia
Calendar Grey October 24, 2020
Dist Mageia Esm H88
Mageia has released an update for the pdns-recursor package to fix a critical remote code execution vulnerability that could be exploited by attackers
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5

Summary

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process). (CVE-2020-25829)

References

- https://bugs.mageia.org/show_bug.cgi?id=27400

- https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html

- https://doc.powerdns.com/recursor/changelog/4.1.html#change-4.1.18

- https://www.cve.org/CVERecord?id=CVE-2020-25829

Topics%20covered

Topics Covered

security advisory denial of service remote attack pdns-recursor mageia

Resolution

SRPMS

- 7/core/pdns-recursor-4.1.18-1.mga7

Publication date: 24 Oct 2020
URL: https://advisories.mageia.org/MGASA-2020-0393.html
Type: security
CVE: CVE-2020-25829

Topics%20covered

Topics Covered

security advisory denial of service remote attack pdns-recursor mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here