SUSE Package Hub - openSUSE-2020-698

Update Info

openSUSE-2020-698

Security update for pdns-recursor

Type: security

Severity: moderate

Issued: 2020-05-23

Description:

This update for pdns-recursor fixes the following issues:

- update to 4.1.16
  * fixes an issue where records in the answer section of
    a NXDOMAIN response lacking an SOA were not properly validated
    (CVE-2020-12244, boo#1171553)
  * fixes an issue where invalid hostname on the server can result in
    disclosure of invalid memory (CVE-2020-10030, boo#1171553)
  * fixes an issue in the DNS protocol has been found that allows
    malicious parties to use recursive DNS services to attack third
    party authoritative name servers (CVE-2020-10995, boo#1171553)

For details see
https://doc.powerdns.com/recursor/changelog/4.1.html#change-4.1.16

References

CVE: CVE-2020-12244
CVE: CVE-2020-10995
CVE: CVE-2020-10030
Bugzilla: 1171553 VUL-0: CVE-2020-10030,CVE-2020-10995,CVE-2020-12244: pdns-recursor: Multiple vulnerabilities

Packages

pdns-recursor-4.1.12-bp151.4.3.1