SUSE Package Hub - openSUSE-2020-1687

Update Info

openSUSE-2020-1687

Security update for pdns-recursor

Type: security

Severity: important

Issued: 2020-10-17

Description:

This update for pdns-recursor fixes the following issues:

-pdns-recursorwas updated to 4.1.1 and 4.3.5:
   - CVE-2020-25829: Fixed a cache pollution related to DNSSEC validation (boo#1177383)
   - CVE-2020-14196: Fixed an access restriction bypass with API key and password authentication (boo#1173302).

References

CVE: CVE-2020-25829
CVE: CVE-2020-14196
Bugzilla: 1177383 VUL-0: CVE-2020-25829: pdns-recursor: PowerDNS Security Advisory 2020-07
Bugzilla: 1173302 https://bugzilla.opensuse.org/show_bug.cgi?id=1173302

Packages

pdns-recursor-4.3.5-bp152.2.12.1