Bug 27310 - pdns new security issue CVE-2020-17482
Summary: pdns new security issue CVE-2020-17482
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 24994
  Show dependency treegraph
Reported: 2020-09-23 01:07 CEST by David Walser
Modified: 2020-10-16 18:40 CEST (History)
4 users (show)

See Also:
Source RPM: pdns-4.1.8-1.mga7.src.rpm
Status comment:


Description David Walser 2020-09-23 01:07:32 CEST
Upstream has issued an advisory today (September 22):

The issue is fixed upstream in 4.1.14 and 4.3.1:

Updates checked into SVN (build system is currently broken).

Mageia 7 is also affected.
David Walser 2020-09-23 01:07:39 CEST

Whiteboard: (none) => MGA7TOO

Comment 1 Aurelien Oudelet 2020-09-23 05:58:23 CEST
Hi, thanks reporting this,
Assigning to registered maintainers.

Assignee: bugsquad => mitya
Keywords: (none) => Triaged
CC: (none) => ouaurelien

Comment 2 David Walser 2020-09-23 15:31:32 CEST

Updated pdns packages fix security vulnerability:

An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an
authorized user with the ability to insert crafted records into a zone might be
able to leak the content of uninitialized memory. Such a user could be a
customer inserting data via a control panel, or somebody with access to the
REST API. Crafted records cannot be inserted via AXFR (CVE-2020-17482).

The pdns package has been updated to versoin 4.1.14, fixing this issue and
several other bugs.  See the upstream changelog for details.


Updated packages in core/updates_testing:

from pdns-4.1.14-1.mga7.src.rpm

Keywords: Triaged => (none)
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
Assignee: mitya => qa-bugs

Comment 3 Herman Viaene 2020-09-24 15:13:12 CEST
MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref bug 254531 for tests
After editing /etc/powerdns/pdns.conf
# systemctl start pdns

# systemctl -l status pdns
● pdns.service - PowerDNS Authoritative Server
   Loaded: loaded (/usr/lib/systemd/system/pdns.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-09-24 15:04:14 CEST; 26s ago
     Docs: man:pdns_server(1)
 Main PID: 1103 (pdns_server)
    Tasks: 8 (limit: 4915)
   Memory: 4.4M
   CGroup: /system.slice/pdns.service
           └─1103 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no

Sep 24 15:04:12 mach5.hviaene.thuis pdns_server[1103]: UDP server bound to
Sep 24 15:04:12 mach5.hviaene.thuis pdns_server[1103]: TCP server bound to
Sep 24 15:04:12 mach5.hviaene.thuis pdns_server[1103]: PowerDNS Authoritative Server 4.1.14 (C) 2001-2018 PowerDNS.COM BV
Sep 24 15:04:12 mach5.hviaene.thuis pdns_server[1103]: Using 64-bits mode. Built using gcc 8.4.0.
Sep 24 15:04:12 mach5.hviaene.thuis pdns_server[1103]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it accor>
Sep 24 15:04:14 mach5.hviaene.thuis pdns_server[1103]: Polled security status of version 4.1.14 at startup, no known issues reported: OK
Sep 24 15:04:14 mach5.hviaene.thuis pdns_server[1103]: Creating backend connection for TCP
Sep 24 15:04:14 mach5.hviaene.thuis pdns_server[1103]: About to create 3 backend threads for UDP
Sep 24 15:04:14 mach5.hviaene.thuis systemd[1]: Started PowerDNS Authoritative Server.
Sep 24 15:04:14 mach5.hviaene.thuis pdns_server[1103]: Done launching threads, ready to distribute questions

# netstat -pantu | grep pdns
tcp        0      0    *               LISTEN      1103/pdns_server    
udp        0      0    *                           1103/pdns_server  
$ dig mageia.org @

; <<>> DiG 9.11.6Mageia-1.1.mga7 <<>> mageia.org @
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 20642
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

; EDNS: version: 0, flags:; udp: 1680
;mageia.org.                    IN      A

;; Query time: 0 msec
;; WHEN: Thu Sep 24 15:11:51 CEST 2020
;; MSG SIZE  rcvd: 39

Same as earlier, so OK for me.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK

Comment 4 Thomas Andrews 2020-09-25 13:57:31 CEST
Validating. Advisory in Comment 2.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Aurelien Oudelet 2020-09-27 19:35:19 CEST

Keywords: (none) => advisory

Comment 5 Mageia Robot 2020-09-27 22:08:01 CEST
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED

David Walser 2020-10-13 15:56:47 CEST

Blocks: (none) => 24994

Comment 6 David Walser 2020-10-14 22:42:33 CEST
I updated the SVN advisory for this bug to include the info from Bug 24994, so the wiki advisory should get updated the next time the script is run.

However, there is some manual intervention required by sysadmins due to one of the CVEs in Bug 24994 (but only when pdns is used with postgresql, so it doesn't affect *everyone*) that should have been included in the advisory.  It's there now, but for those only reading the updates-announce list, they won't see that.  Is there a way the e-mail for this advisory could be re-generated with the updated advisory and re-sent to the updates-announce list?
Comment 7 Aurelien Oudelet 2020-10-16 18:40:03 CEST
Email advisory has been resent and received via updates-announce.

Note You need to log in before you can comment on or make changes to this bug.