Bug 26645 - pdns-recursor new security issues CVE-2020-10995, CVE-2020-12244
Summary: pdns-recursor new security issues CVE-2020-10995, CVE-2020-12244
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-05-19 19:31 CEST by David Walser
Modified: 2020-05-24 20:06 CEST (History)
5 users (show)

See Also:
Source RPM: pdns-recursor-4.2.1-5.mga8.src.rpm, pdns-recursor-4.1.12-1.mga7.src.rpm
CVE:
Status comment:


Attachments

David Walser 2020-05-19 19:31:55 CEST

Whiteboard: (none) => MGA7TOO
Status comment: (none) => Fixed upstream in 4.1.16 and 4.2.2

Nicolas Lécureuil 2020-05-19 22:35:47 CEST

CC: (none) => mageia
Whiteboard: MGA7TOO => (none)

Comment 1 Nicolas Lécureuil 2020-05-19 22:47:57 CEST
Pushed in updates testing.

Advisory:
========================

Updated pdns-recursor packages fix security vulnerability:
Backport of security fixes for CVE-2020-10995, CVE-2020-12244 and CVE-2020-10030, plus avoid a crash when loading an invalid RPZ.

References:
https://www.openwall.com/lists/oss-security/2020/05/19/3
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html
https://doc.powerdns.com/recursor/changelog/4.1.html#change-4.1.16

Updated packages in core/updates_testing:
========================
pdns-recursor-4.1.16-1.mga7
pdns-recursor-debugsource-4.1.16-1.mga7
pdns-recursor-debuginfo-4.1.16-1.mga7

from: pdns-recursor-4.1.16-1.mga7

Assignee: bugsquad => qa-bugs

David Walser 2020-05-19 23:51:37 CEST

Status comment: Fixed upstream in 4.1.16 and 4.2.2 => (none)

David Walser 2020-05-19 23:53:53 CEST

CC: (none) => qa-bugs
Version: 7 => Cauldron
QA Contact: (none) => security
Assignee: qa-bugs => mageia
Whiteboard: (none) => MGA7TOO
Status comment: (none) => Build failed in Cauldron

Comment 3 Nicolas Lécureuil 2020-05-20 08:40:28 CEST
fixed by david :-)

Assignee: mageia => qa-bugs

Comment 4 Herman Viaene 2020-05-20 13:34:31 CEST
MGA7-64 Plasma on Lenovo B50
No installation issues. Installing pdns in addition to follow test prodedure below.
Ref bug 24218 for testing.
#  systemctl  stop dnsmasq
Failed to stop dnsmasq.service: Unit dnsmasq.service not loaded.

# systemctl  start pdns

# systemctl -l status pdns
● pdns.service - PowerDNS Authoritative Server
   Loaded: loaded (/usr/lib/systemd/system/pdns.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2020-05-20 13:25:26 CEST; 16s ago
     Docs: man:pdns_server(1)
           man:pdns_control(1)
           https://doc.powerdns.com
 Main PID: 19933 (pdns_server)
    Tasks: 8 (limit: 4915)
   Memory: 4.1M
   CGroup: /system.slice/pdns.service
           └─19933 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no

May 20 13:25:26 mach5.hviaene.thuis pdns_server[19933]: TCP server bound to 0.0.0.0:53
May 20 13:25:26 mach5.hviaene.thuis pdns_server[19933]: TCPv6 server bound to [::]:53
May 20 13:25:26 mach5.hviaene.thuis pdns_server[19933]: PowerDNS Authoritative Server 4.1.8 (C) 2001-2018 PowerDNS.COM BV
May 20 13:25:26 mach5.hviaene.thuis pdns_server[19933]: Using 64-bits mode. Built using gcc 8.3.1 20190510.
May 20 13:25:26 mach5.hviaene.thuis pdns_server[19933]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software,>
May 20 13:25:26 mach5.hviaene.thuis pdns_server[19933]: PowerDNS Security Update Mandatory: Upgrade now, see https://doc.p>
May 20 13:25:26 mach5.hviaene.thuis pdns_server[19933]: Creating backend connection for TCP
May 20 13:25:26 mach5.hviaene.thuis systemd[1]: Started PowerDNS Authoritative Server.
May 20 13:25:26 mach5.hviaene.thuis pdns_server[19933]: About to create 3 backend threads for UDP
May 20 13:25:26 mach5.hviaene.thuis pdns_server[19933]: Done launching threads, ready to distribute questions

# systemctl start pdns-recursor

# systemctl -l status pdns-recursor
● pdns-recursor.service - PowerDNS Recursor
   Loaded: loaded (/usr/lib/systemd/system/pdns-recursor.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2020-05-20 13:26:13 CEST; 16s ago
     Docs: man:pdns_recursor(1)
           man:rec_control(1)
           https://doc.powerdns.com
 Main PID: 22509 (pdns_recursor)
    Tasks: 5 (limit: 4915)
   Memory: 4.3M
   CGroup: /system.slice/pdns-recursor.service
           └─22509 /usr/sbin/pdns_recursor --daemon=no --write-pid=no --disable-syslog --log-timestamp=no

May 20 13:26:13 mach5.hviaene.thuis pdns_recursor[22509]: Listening for UDP queries on 127.0.0.1:5300
May 20 13:26:13 mach5.hviaene.thuis pdns_recursor[22509]: Enabled TCP data-ready filter for (slight) DoS protection
May 20 13:26:13 mach5.hviaene.thuis pdns_recursor[22509]: Listening for TCP queries on 127.0.0.1:5300
May 20 13:26:13 mach5.hviaene.thuis pdns_recursor[22509]: Set effective group id to 950
May 20 13:26:13 mach5.hviaene.thuis pdns_recursor[22509]: Set effective user id to 951
May 20 13:26:13 mach5.hviaene.thuis pdns_recursor[22509]: Launching 3 threads
May 20 13:26:13 mach5.hviaene.thuis pdns_recursor[22509]: Done priming cache with root hints
May 20 13:26:13 mach5.hviaene.thuis pdns_recursor[22509]: Enabled 'epoll' multiplexer
May 20 13:26:13 mach5.hviaene.thuis pdns_recursor[22509]: Done priming cache with root hints
May 20 13:26:13 mach5.hviaene.thuis systemd[1]: Started PowerDNS Recursor.

# netstat -pantu | grep pdns
tcp        0      0 127.0.0.1:5300          0.0.0.0:*               LISTEN      22509/pdns_recursor 
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      19933/pdns_server   
tcp6       0      0 :::53                   :::*                    LISTEN      19933/pdns_server   
udp        0      0 127.0.0.1:5300          0.0.0.0:*                           22509/pdns_recursor 
udp        0      0 0.0.0.0:53              0.0.0.0:*                           19933/pdns_server   
udp6       0      0 :::53                   :::*                                19933/pdns_server   

# dig mageia.org @127.0.0.1 -p 53

; <<>> DiG 9.11.6Mageia-1.1.mga7 <<>> mageia.org @127.0.0.1 -p 53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 15989
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1680
;; QUESTION SECTION:
;mageia.org.                    IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed May 20 13:27:23 CEST 2020
;; MSG SIZE  rcvd: 39

# systemctl stop pdns-recursor
# systemctl stop pdns
#  nslookup mageia.org
Server:         192.168.2.1
Address:        192.168.2.1#53

Non-authoritative answer:
Name:   mageia.org
Address: 163.172.148.228
Name:   mageia.org
Address: 2001:bc8:4400:2800::4115

All looks OK.

CC: (none) => herman.viaene
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK

David Walser 2020-05-20 15:19:14 CEST

Whiteboard: MGA7TOO MGA7-64-OK => MGA7-64-OK
CC: qa-bugs => (none)
Status comment: Build failed in Cauldron => (none)
Version: Cauldron => 7

Comment 5 Thomas Andrews 2020-05-21 13:59:44 CEST
Validating. Advisory in Comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 6 David Walser 2020-05-22 20:52:11 CEST
Debian has issued an advisory for this on May 21:
https://www.debian.org/security/2020/dsa-4691
Comment 7 Thomas Backlund 2020-05-24 17:45:21 CEST
dropped references to : CVE-2020-10030 as upstream states:

"Linux systems are not affected"

CC: (none) => tmb
Keywords: (none) => advisory

Thomas Backlund 2020-05-24 17:45:36 CEST

Summary: pdns-recursor new security issues CVE-2020-10030, CVE-2020-10995, CVE-2020-12244 => pdns-recursor new security issues CVE-2020-10995, CVE-2020-12244

Comment 8 Mageia Robot 2020-05-24 20:06:39 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0223.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.