Advisories ยป MGASA-2019-0122

Updated pdns packages fix security vulnerability

Publication date: 29 Mar 2019
Modification date: 29 Mar 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-3871

Description

Updated pdns packages fix security vulnerability:

An issue has been found in PowerDNS Authoritative Server when the HTTP
remote backend is used in RESTful mode (without post=1 set), allowing a
remote user to cause the HTTP backend to connect to an attacker-specified
host instead of the configured one, via a crafted DNS query. This can be
used to cause a denial of service by preventing the remote backend from
getting a response, content spoofing if the attacker can time its own
query so that subsequent queries will use an attacker-controlled HTTP
server instead of the configured one, and possibly information disclosure
if the Authoritative Server has access to internal servers (CVE-2019-3871).
                

References

SRPMS

6/core