| Summary: | pdns new security issue CVE-2020-17482 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, ouaurelien, sysadmin-bugs |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | pdns-4.1.8-1.mga7.src.rpm | CVE: | |
| Status comment: | |||
| Bug Depends on: | |||
| Bug Blocks: | 24994 | ||
|
Description
David Walser
2020-09-23 01:07:32 CEST
David Walser
2020-09-23 01:07:39 CEST
Whiteboard:
(none) =>
MGA7TOO Hi, thanks reporting this, Assigning to registered maintainers. Assignee:
bugsquad =>
mitya Advisory: ======================== Updated pdns packages fix security vulnerability: An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. Such a user could be a customer inserting data via a control panel, or somebody with access to the REST API. Crafted records cannot be inserted via AXFR (CVE-2020-17482). The pdns package has been updated to versoin 4.1.14, fixing this issue and several other bugs. See the upstream changelog for details. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17482 https://doc.powerdns.com/authoritative/changelog/4.1.html#change-4.1.14 https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html ======================== Updated packages in core/updates_testing: ======================== pdns-4.1.14-1.mga7 pdns-backend-pipe-4.1.14-1.mga7 pdns-backend-mysql-4.1.14-1.mga7 pdns-backend-pgsql-4.1.14-1.mga7 pdns-backend-ldap-4.1.14-1.mga7 pdns-backend-sqlite-4.1.14-1.mga7 pdns-backend-geoip-4.1.14-1.mga7 from pdns-4.1.14-1.mga7.src.rpm Keywords:
Triaged =>
(none) MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref bug 254531 for tests
After editing /etc/powerdns/pdns.conf
# systemctl start pdns
# systemctl -l status pdns
● pdns.service - PowerDNS Authoritative Server
Loaded: loaded (/usr/lib/systemd/system/pdns.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2020-09-24 15:04:14 CEST; 26s ago
Docs: man:pdns_server(1)
man:pdns_control(1)
https://doc.powerdns.com
Main PID: 1103 (pdns_server)
Tasks: 8 (limit: 4915)
Memory: 4.4M
CGroup: /system.slice/pdns.service
└─1103 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no
Sep 24 15:04:12 mach5.hviaene.thuis pdns_server[1103]: UDP server bound to 0.0.0.0:53
Sep 24 15:04:12 mach5.hviaene.thuis pdns_server[1103]: TCP server bound to 0.0.0.0:53
Sep 24 15:04:12 mach5.hviaene.thuis pdns_server[1103]: PowerDNS Authoritative Server 4.1.14 (C) 2001-2018 PowerDNS.COM BV
Sep 24 15:04:12 mach5.hviaene.thuis pdns_server[1103]: Using 64-bits mode. Built using gcc 8.4.0.
Sep 24 15:04:12 mach5.hviaene.thuis pdns_server[1103]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it accor>
Sep 24 15:04:14 mach5.hviaene.thuis pdns_server[1103]: Polled security status of version 4.1.14 at startup, no known issues reported: OK
Sep 24 15:04:14 mach5.hviaene.thuis pdns_server[1103]: Creating backend connection for TCP
Sep 24 15:04:14 mach5.hviaene.thuis pdns_server[1103]: About to create 3 backend threads for UDP
Sep 24 15:04:14 mach5.hviaene.thuis systemd[1]: Started PowerDNS Authoritative Server.
Sep 24 15:04:14 mach5.hviaene.thuis pdns_server[1103]: Done launching threads, ready to distribute questions
# netstat -pantu | grep pdns
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 1103/pdns_server
udp 0 0 0.0.0.0:53 0.0.0.0:* 1103/pdns_server
$ dig mageia.org @127.0.0.1
; <<>> DiG 9.11.6Mageia-1.1.mga7 <<>> mageia.org @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 20642
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;mageia.org. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Sep 24 15:11:51 CEST 2020
;; MSG SIZE rcvd: 39
Same as earlier, so OK for me.CC:
(none) =>
herman.viaene Validating. Advisory in Comment 2. CC:
(none) =>
andrewsfarm, sysadmin-bugs
Aurelien Oudelet
2020-09-27 19:35:19 CEST
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0375.html Status:
NEW =>
RESOLVED
David Walser
2020-10-13 15:56:47 CEST
Blocks:
(none) =>
24994 I updated the SVN advisory for this bug to include the info from Bug 24994, so the wiki advisory should get updated the next time the script is run. However, there is some manual intervention required by sysadmins due to one of the CVEs in Bug 24994 (but only when pdns is used with postgresql, so it doesn't affect *everyone*) that should have been included in the advisory. It's there now, but for those only reading the updates-announce list, they won't see that. Is there a way the e-mail for this advisory could be re-generated with the updated advisory and re-sent to the updates-announce list? Email advisory has been resent and received via updates-announce. https://advisories.mageia.org/MGASA-2020-0375.html |