GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Thu Dec 24, 2020 5:26 am Post subject: [ GLSA 202012-18 ] PowerDNS
Gentoo Linux Security Advisory
Title: PowerDNS: information disclosure (GLSA 202012-18)
Severity: low
Exploitable: remote
Date: 2020-12-23
Bug(s): #744160
ID: 202012-18
Synopsis
An information disclosure vulnerability in PowerDNS allows remote
attackers to obtain sensitive information.
Background
The PowerDNS nameserver is an authoritative-only nameserver which uses a
flexible backend architecture.
Affected Packages
Package: net-dns/pdns
Vulnerable: < 4.3.1
Unaffected: >= 4.3.1
Architectures: All supported architectures
Description
It was discovered that PowerDNS did not properly handle certain unknown
records.
Impact
An authorized attacker with the ability to insert crafted records into a
zone might be able to leak the content of uninitialized memory. Crafted
records cannot be inserted via AXFR.
Workaround
Do not take zone data from untrusted users.
Resolution
All PowerDNS users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/pdns-4.3.1"
References
CVE-2020-17482
PowerDNS Security Advisory 2020-05