Bug 1177383 - (CVE-2020-25829) VUL-0: CVE-2020-25829: pdns-recursor: PowerDNS Security Advisory 2020-07
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.1
Hardware: Other Other
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/268833/
Reported: 2020-10-06 13:58 UTC by Wolfgang Frisch
Modified: 2022-03-29 09:50 UTC

Comment 6 Wolfgang Frisch 2020-10-13 11:28:25 UTC
via oss-security:

Hello!

Today we are releasing PowerDNS Recursor 4.3.5, 4.2.5 and 4.1.18,
containing a security fix for CVE-2020-25829[1]:

An issue has been found in PowerDNS Recursor where a remote attacker
can cause the cached records for a given name to be updated to the
Bogus DNSSEC validation state, instead of their actual DNSSEC Secure
state, via a DNS ANY query. This results in a denial of service for
installations that always validate (dnssec=validate) and for clients
requesting validation when on-demand validation is enabled
(dnssec=process). The severity is high for these cases.

As usual, there were also other smaller enhancements and
bugfixes. Please refer to the 4.3.5 changelog[2], 4.2.5 changelog[3]
and 4.1.18 changelog[4] for details.

The 4.3.5 tarball[5] (signature[6]), 4.2.5 tarball[7] (signature[8])
and 4.1.18 tarball[9] (signature[10]) are available at our download
site[11] and packages for CentOS 6, 7 and 8, Debian Stretch and
Buster, Ubuntu Xenial and Bionic are available from our
repository[12].

4.0 and older releases are EOL, refer to the documentation[13] for details
about our release cycles.

Please send us all feedback and issues you might have via the mailing
list[14], or in case of a bug, via GitHub[15].

Regards,

 -Otto and the PowerDNS Team
Comment 8 OBSbugzilla Bot 2020-10-13 13:00:07 UTC
This is an autogenerated message for OBS integration:
This bug (1177383) was mentioned in
https://build.opensuse.org/request/show/841527 Factory / pdns-recursor
https://build.opensuse.org/request/show/841535 15.1+15.2+Backports:SLE-12-SP1+Backports:SLE-15-SP1+Backports:SLE-15-SP2 / pdns-recursor
Comment 9 Adam Majer 2020-10-13 13:03:35 UTC
Submitted to all affected codestreams. Re-assigning back to security for tracking purposes.
Comment 10 Swamp Workflow Management 2020-10-17 19:16:17 UTC
openSUSE-SU-2020:1687-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1173302,1177383
CVE References: CVE-2020-14196,CVE-2020-25829
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    pdns-recursor-4.3.5-lp152.2.6.1
openSUSE Leap 15.1 (src):    pdns-recursor-4.1.12-lp151.3.9.1
openSUSE Backports SLE-15-SP2 (src):    pdns-recursor-4.3.5-bp152.2.12.1
openSUSE Backports SLE-15-SP1 (src):    pdns-recursor-4.1.12-bp151.4.9.1
Comment 11 Swamp Workflow Management 2020-10-17 19:17:22 UTC
openSUSE-SU-2020:1687-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1173302,1177383
CVE References: CVE-2020-14196,CVE-2020-25829
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    pdns-recursor-4.3.5-lp152.2.6.1
openSUSE Leap 15.1 (src):    pdns-recursor-4.1.12-lp151.3.9.1
openSUSE Backports SLE-15-SP2 (src):    pdns-recursor-4.3.5-bp152.2.12.1
openSUSE Backports SLE-15-SP1 (src):    pdns-recursor-4.1.12-bp151.4.9.1
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    pdns-recursor-4.1.18-25.1
Comment 12 Alexandros Toptsoglou 2020-10-27 16:05:24 UTC
Done
Comment 13 OBSbugzilla Bot 2022-03-29 09:50:29 UTC
This is an autogenerated message for OBS integration:
This bug (1177383) was mentioned in
https://build.opensuse.org/request/show/965588 Backports:SLE-12-SP4 / pdns-recursor
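
A triage sketch for the advisory and update notices in this bug, added here as an example (not PowerDNS or openSUSE code): it classifies an installed package string against the fixed releases listed above and reads the `dnssec` setting to report which clients the denial of service would reach. The function names, status labels and the `process-no-validate` default are assumptions of this example.

```python
import re

# Fixed upstream releases per branch, from the advisory quoted above.
FIXED_UPSTREAM = {(4, 1): (4, 1, 18), (4, 2): (4, 2, 5), (4, 3): (4, 3, 5)}
# Packages this bug lists as carrying the fix. The 4.1.12 builds matter:
# a plain upstream version comparison would wrongly flag them as unfixed.
FIXED_PACKAGES = {
    "pdns-recursor-4.3.5-lp152.2.6.1",
    "pdns-recursor-4.1.12-lp151.3.9.1",
    "pdns-recursor-4.3.5-bp152.2.12.1",
    "pdns-recursor-4.1.12-bp151.4.9.1",
    "pdns-recursor-4.1.18-25.1",
}
# dnssec modes the advisory names, and who is denied service in each.
EXPOSED_MODES = {"validate": "all clients",
                 "process": "clients requesting validation"}


def dnssec_mode(conf_text, default="process-no-validate"):
    """Last dnssec= value in recursor.conf-style text (default is an assumption)."""
    mode = default
    for line in conf_text.splitlines():
        m = re.fullmatch(r"dnssec\s*=\s*(\S+)", line.split("#", 1)[0].strip())
        if m:
            mode = m.group(1).lower()
    return mode


def assess(package, conf_text):
    """Return (code_status, affected_clients) for one installed package string."""
    m = re.match(r"pdns-recursor-(\d+)\.(\d+)\.(\d+)", package)
    if not m:
        raise ValueError("not a pdns-recursor package string: %r" % package)
    version = tuple(int(x) for x in m.groups())
    branch = version[:2]
    if package in FIXED_PACKAGES:
        status = "fixed"
    elif branch <= (4, 0):
        status = "eol"          # 4.0 and older: end of life per the advisory
    elif branch not in FIXED_UPSTREAM:
        status = "not-listed"   # branch not covered by this advisory
    elif version >= FIXED_UPSTREAM[branch]:
        status = "fixed"
    else:
        status = "unfixed"
    impact = EXPOSED_MODES.get(dnssec_mode(conf_text)) if status == "unfixed" else None
    return status, impact
```

Package matching is exact, so a later rebuild of a backported package that is not in the set reports `unfixed` and needs a look at the package changelog before it is treated as exposed.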