Updated pdns packages fix security vulnerability
Publication date: 29 Mar 2019Modification date: 29 Mar 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-3871
Description
Updated pdns packages fix security vulnerability: An issue has been found in PowerDNS Authoritative Server when the HTTP remote backend is used in RESTful mode (without post=1 set), allowing a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured one, via a crafted DNS query. This can be used to cause a denial of service by preventing the remote backend from getting a response, content spoofing if the attacker can time its own query so that subsequent queries will use an attacker-controlled HTTP server instead of the configured one, and possibly information disclosure if the Authoritative Server has access to internal servers (CVE-2019-3871).
References
SRPMS
6/core
- pdns-4.1.7-1.mga6