Updated pdns-recursor package fixes security vulnerability
Publication date: 24 May 2018Modification date: 24 May 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1000003
Description
An issue has been found in the DNSSEC validation component of PowerDNS
Recursor, allowing an ancestor delegation NSEC or NSEC3 record to be
used to wrongfully prove the non-existence of a RR below the owner name
of that record. This would allow an attacker in position of
man-in-the-middle to send a NXDOMAIN answer for a name that does exist
(CVE-2018-1000003).
References
- https://bugs.mageia.org/show_bug.cgi?id=22935
- https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-01.html
- https://blog.powerdns.com/2018/03/29/powerdns-recursor-4-1-2-released/
- https://lists.opensuse.org/opensuse-updates/2018-04/msg00033.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000003
SRPMS
6/core
- pdns-recursor-4.1.2-3.mga6