openSUSE-SU-2019:1128-1

Опубликовано: 03 апр. 2019

Источник: suse-cvrf

Описание

Security update for pdns

This update for pdns fixes the following issue:

Security issue fixed:

CVE-2019-3871: Fixed an insufficient validation in the HTTP remote backend which could allow a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured one (bsc#1129734).

Список пакетов

SUSE Package Hub 12 SP1

pdns-4.1.2-bp150.2.6.1

pdns-backend-geoip-4.1.2-bp150.2.6.1

pdns-backend-godbc-4.1.2-bp150.2.6.1

pdns-backend-ldap-4.1.2-bp150.2.6.1

pdns-backend-lua-4.1.2-bp150.2.6.1

pdns-backend-mydns-4.1.2-bp150.2.6.1

pdns-backend-mysql-4.1.2-bp150.2.6.1

pdns-backend-postgresql-4.1.2-bp150.2.6.1

pdns-backend-remote-4.1.2-bp150.2.6.1

pdns-backend-sqlite3-4.1.2-bp150.2.6.1

SUSE Package Hub 15

pdns-4.1.2-bp150.2.6.1

pdns-backend-geoip-4.1.2-bp150.2.6.1

pdns-backend-godbc-4.1.2-bp150.2.6.1

pdns-backend-ldap-4.1.2-bp150.2.6.1

pdns-backend-lua-4.1.2-bp150.2.6.1

pdns-backend-mydns-4.1.2-bp150.2.6.1

pdns-backend-mysql-4.1.2-bp150.2.6.1

pdns-backend-postgresql-4.1.2-bp150.2.6.1

pdns-backend-remote-4.1.2-bp150.2.6.1

pdns-backend-sqlite3-4.1.2-bp150.2.6.1

openSUSE Leap 15.0

pdns-4.1.2-bp150.2.6.1

pdns-backend-geoip-4.1.2-bp150.2.6.1

pdns-backend-godbc-4.1.2-bp150.2.6.1

pdns-backend-ldap-4.1.2-bp150.2.6.1

pdns-backend-lua-4.1.2-bp150.2.6.1

pdns-backend-mydns-4.1.2-bp150.2.6.1

pdns-backend-mysql-4.1.2-bp150.2.6.1

pdns-backend-postgresql-4.1.2-bp150.2.6.1

pdns-backend-remote-4.1.2-bp150.2.6.1

pdns-backend-sqlite3-4.1.2-bp150.2.6.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6HWYPEI7LWADS6EXV3RDYBSB4K4WDP6U/#6HWYPEI7LWADS6EXV3RDYBSB4K4WDP6U
E-Mail link for openSUSE-SU-2019:1128-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1129734
SUSE Bug 1129734
https://www.suse.com/security/cve/CVE-2019-3871/
SUSE CVE CVE-2019-3871 page

Описание

A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response

Затронутые продукты

SUSE Package Hub 12 SP1:pdns-4.1.2-bp150.2.6.1

SUSE Package Hub 12 SP1:pdns-backend-geoip-4.1.2-bp150.2.6.1

SUSE Package Hub 12 SP1:pdns-backend-godbc-4.1.2-bp150.2.6.1

SUSE Package Hub 12 SP1:pdns-backend-ldap-4.1.2-bp150.2.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-3871.html
CVE-2019-3871
https://bugzilla.suse.com/1129734
SUSE Bug 1129734

openSUSE-SU-2019:1128-1

Описание

Список пакетов

SUSE Package Hub 12 SP1

SUSE Package Hub 15

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2019-3871

Описание

Затронутые продукты

Ссылки