Bugzilla – Bug 1177383
VUL-0: CVE-2020-25829: pdns-recursor: PowerDNS Security Advisory 2020-07
Last modified: 2022-03-29 09:50:29 UTC
via oss-security:

Hello!,

Today we are releasing PowerDNS Recursor 4.3.5, 4.2.5 and 4.1.18, containing a security fix for CVE-2020-25829[1]:

An issue has been found in PowerDNS Recursor where a remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installations that always validate (dnssec=validate) and for clients requesting validation when on-demand validation is enabled (dnssec=process). The severity is high for these cases.

As usual, there were also other smaller enhancements and bugfixes. Please refer to the 4.3.5 changelog[2], 4.2.5 changelog[3] and 4.1.18 changelog[4] for details.

The 4.3.5 tarball[5] (signature[6]), 4.2.5 tarball[7] (signature[8]) and 4.1.18 tarball[9] (signature[10]) are available at our download site[11] and packages for CentOS 6, 7 and 8, Debian Stretch and Buster, Ubuntu Xenial and Bionic are available from our repository[12].

4.0 and older releases are EOL, refer to the documentation[13] for details about our release cycles.

Please send us all feedback and issues you might have via the mailing list[14], or in case of a bug, via GitHub[15].

Regards,
-Otto and the PowerDNS Team
[1] https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html
[2] https://doc.powerdns.com/recursor/changelog/4.3.html#change-4.3.5
[3] https://doc.powerdns.com/recursor/changelog/4.2.html#change-4.2.5
[4] https://doc.powerdns.com/recursor/changelog/4.1.html#change-4.1.18
[5] https://downloads.powerdns.com/releases/pdns-recursor-4.3.5.tar.bz2
[6] https://downloads.powerdns.com/releases/pdns-recursor-4.3.5.tar.bz2.sig
[7] https://downloads.powerdns.com/releases/pdns-recursor-4.2.5.tar.bz2
[8] https://downloads.powerdns.com/releases/pdns-recursor-4.2.5.tar.bz2.sig
[9] https://downloads.powerdns.com/releases/pdns-recursor-4.1.18.tar.bz2
[10] https://downloads.powerdns.com/releases/pdns-recursor-4.1.18.tar.bz2.sig
[11] https://downloads.powerdns.com/releases/
[12] https://repo.powerdns.com/
[13] https://docs.powerdns.com/recursor/appendices/EOL.html
[14] https://mailman.powerdns.com/mailman/listinfo/pdns-users
[15] https://github.com/PowerDNS/pdns/issues/new/choose
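A triage check for the condition the announcement describes, as an added example that is not part of the original advisory or of any comment on this bug: it reads the effective `dnssec=` setting from recursor.conf text and compares an upstream version against the fixed releases named above. The function names, the sample configuration, the last-assignment-wins parsing and the `process-no-validate` default for an unset `dnssec` are assumptions. Distribution packages can carry the fix under an older upstream version, so for those compare the package release rather than the upstream number.

```python
import re

# Fixed patch level per branch, from the release announcement above.
FIXED = {(4, 1): 18, (4, 2): 5, (4, 3): 5}
# Assumption: an unset dnssec in these branches means process-no-validate.
DEFAULT_DNSSEC = "process-no-validate"
# Modes for which the advisory states a denial of service.
IMPACT = {
    "validate": "high: all clients",
    "process": "high: clients requesting validation",
}
# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
local-address=127.0.0.1
dnssec=process   # on-demand validation
"""


def dnssec_mode(conf_text):
    """Effective dnssec= value; assumes the last assignment wins."""
    mode = DEFAULT_DNSSEC
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"dnssec\s*=\s*(\S+)$", line)
        if m:
            mode = m.group(1).lower()
    return mode


def triage(version, conf_text):
    """Classify an upstream version plus config against CVE-2020-25829."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return "unknown: unparseable version"
    major, minor, patch = map(int, m.groups())
    branch = (major, minor)
    if branch not in FIXED:
        if branch <= (4, 0):
            return "eol: 4.0 and older get no fixed release"
        return "unknown: branch not named in this announcement"
    if patch >= FIXED[branch]:
        return "fixed"
    mode = dnssec_mode(conf_text)
    detail = IMPACT.get(mode, "impact not stated for dnssec=" + mode)
    return "unpatched, " + detail


if __name__ == "__main__":
    print(triage("4.3.4", SAMPLE_CONF))
```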
This is an autogenerated message for OBS integration:
This bug (1177383) was mentioned in
https://build.opensuse.org/request/show/841527 Factory / pdns-recursor
https://build.opensuse.org/request/show/841535 15.1+15.2+Backports:SLE-12-SP1+Backports:SLE-15-SP1+Backports:SLE-15-SP2 / pdns-recursor
submitted to all affected codestreams. Re-assigning back to security for tracking purposes.
openSUSE-SU-2020:1687-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 1173302,1177383
CVE References: CVE-2020-14196,CVE-2020-25829
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): pdns-recursor-4.3.5-lp152.2.6.1
openSUSE Leap 15.1 (src): pdns-recursor-4.1.12-lp151.3.9.1
openSUSE Backports SLE-15-SP2 (src): pdns-recursor-4.3.5-bp152.2.12.1
openSUSE Backports SLE-15-SP1 (src): pdns-recursor-4.1.12-bp151.4.9.1
openSUSE-SU-2020:1687-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 1173302,1177383
CVE References: CVE-2020-14196,CVE-2020-25829
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): pdns-recursor-4.3.5-lp152.2.6.1
openSUSE Leap 15.1 (src): pdns-recursor-4.1.12-lp151.3.9.1
openSUSE Backports SLE-15-SP2 (src): pdns-recursor-4.3.5-bp152.2.12.1
openSUSE Backports SLE-15-SP1 (src): pdns-recursor-4.1.12-bp151.4.9.1
SUSE Package Hub for SUSE Linux Enterprise 12 (src): pdns-recursor-4.1.18-25.1
Done
This is an autogenerated message for OBS integration:
This bug (1177383) was mentioned in
https://build.opensuse.org/request/show/965588 Backports:SLE-12-SP4 / pdns-recursor