Upstream has issued an advisory today (September 22): https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html The issue is fixed upstream in 4.1.14 and 4.3.1: https://doc.powerdns.com/authoritative/changelog/4.1.html#change-4.1.14 https://doc.powerdns.com/authoritative/changelog/4.2.html#change-4.3.1 Updates checked into SVN (build system is currently broken). Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Hi, thanks reporting this, Assigning to registered maintainers.
Assignee: bugsquad => mityaKeywords: (none) => TriagedCC: (none) => ouaurelien
Advisory: ======================== Updated pdns packages fix security vulnerability: An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. Such a user could be a customer inserting data via a control panel, or somebody with access to the REST API. Crafted records cannot be inserted via AXFR (CVE-2020-17482). The pdns package has been updated to versoin 4.1.14, fixing this issue and several other bugs. See the upstream changelog for details. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17482 https://doc.powerdns.com/authoritative/changelog/4.1.html#change-4.1.14 https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html ======================== Updated packages in core/updates_testing: ======================== pdns-4.1.14-1.mga7 pdns-backend-pipe-4.1.14-1.mga7 pdns-backend-mysql-4.1.14-1.mga7 pdns-backend-pgsql-4.1.14-1.mga7 pdns-backend-ldap-4.1.14-1.mga7 pdns-backend-sqlite-4.1.14-1.mga7 pdns-backend-geoip-4.1.14-1.mga7 from pdns-4.1.14-1.mga7.src.rpm
Keywords: Triaged => (none)Whiteboard: MGA7TOO => (none)Version: Cauldron => 7Assignee: mitya => qa-bugs
MGA7-64 Plasma on Lenovo B50 No installation issues. Ref bug 254531 for tests After editing /etc/powerdns/pdns.conf # systemctl start pdns # systemctl -l status pdns ● pdns.service - PowerDNS Authoritative Server Loaded: loaded (/usr/lib/systemd/system/pdns.service; disabled; vendor preset: disabled) Active: active (running) since Thu 2020-09-24 15:04:14 CEST; 26s ago Docs: man:pdns_server(1) man:pdns_control(1) https://doc.powerdns.com Main PID: 1103 (pdns_server) Tasks: 8 (limit: 4915) Memory: 4.4M CGroup: /system.slice/pdns.service └─1103 /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no Sep 24 15:04:12 mach5.hviaene.thuis pdns_server[1103]: UDP server bound to 0.0.0.0:53 Sep 24 15:04:12 mach5.hviaene.thuis pdns_server[1103]: TCP server bound to 0.0.0.0:53 Sep 24 15:04:12 mach5.hviaene.thuis pdns_server[1103]: PowerDNS Authoritative Server 4.1.14 (C) 2001-2018 PowerDNS.COM BV Sep 24 15:04:12 mach5.hviaene.thuis pdns_server[1103]: Using 64-bits mode. Built using gcc 8.4.0. Sep 24 15:04:12 mach5.hviaene.thuis pdns_server[1103]: PowerDNS comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it accor> Sep 24 15:04:14 mach5.hviaene.thuis pdns_server[1103]: Polled security status of version 4.1.14 at startup, no known issues reported: OK Sep 24 15:04:14 mach5.hviaene.thuis pdns_server[1103]: Creating backend connection for TCP Sep 24 15:04:14 mach5.hviaene.thuis pdns_server[1103]: About to create 3 backend threads for UDP Sep 24 15:04:14 mach5.hviaene.thuis systemd[1]: Started PowerDNS Authoritative Server. Sep 24 15:04:14 mach5.hviaene.thuis pdns_server[1103]: Done launching threads, ready to distribute questions # netstat -pantu | grep pdns tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 1103/pdns_server udp 0 0 0.0.0.0:53 0.0.0.0:* 1103/pdns_server $ dig mageia.org @127.0.0.1 ; <<>> DiG 9.11.6Mageia-1.1.mga7 <<>> mageia.org @127.0.0.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 20642 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1680 ;; QUESTION SECTION: ;mageia.org. IN A ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Sep 24 15:11:51 CEST 2020 ;; MSG SIZE rcvd: 39 Same as earlier, so OK for me.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 2.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0375.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
Blocks: (none) => 24994
I updated the SVN advisory for this bug to include the info from Bug 24994, so the wiki advisory should get updated the next time the script is run. However, there is some manual intervention required by sysadmins due to one of the CVEs in Bug 24994 (but only when pdns is used with postgresql, so it doesn't affect *everyone*) that should have been included in the advisory. It's there now, but for those only reading the updates-announce list, they won't see that. Is there a way the e-mail for this advisory could be re-generated with the updated advisory and re-sent to the updates-announce list?
Email advisory has been resent and received via updates-announce. https://advisories.mageia.org/MGASA-2020-0375.html