Описание
Security update for pdns-recursor
This update for pdns-recursor fixes the following issues:
-pdns-recursorwas updated to 4.1.1 and 4.3.5:
- CVE-2020-25829: Fixed a cache pollution related to DNSSEC validation (boo#1177383)
- CVE-2020-14196: Fixed an access restriction bypass with API key and password authentication (boo#1173302).
Список пакетов
SUSE Package Hub 12 SP1
SUSE Package Hub 15 SP1
SUSE Package Hub 15 SP2
openSUSE Leap 15.1
openSUSE Leap 15.2
Ссылки
- E-Mail link for openSUSE-SU-2020:1687-1
- SUSE Security Ratings
- SUSE Bug 1173302
- SUSE Bug 1177383
- SUSE CVE CVE-2020-14196 page
- SUSE CVE CVE-2020-25829 page
Описание
In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.
Затронутые продукты
Ссылки
- CVE-2020-14196
- SUSE Bug 1173302
Описание
An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).
Затронутые продукты
Ссылки
- CVE-2020-25829
- SUSE Bug 1177383