advisories/27310.adv

type: security
subject: Updated pdns packages fix security vulnerability
CVE:
 - CVE-2020-17482
src:
  7:
   core:
     - pdns-4.1.14-1.mga7
description: |
  An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an
  authorized user with the ability to insert crafted records into a zone might be
  able to leak the content of uninitialized memory. Such a user could be a
  customer inserting data via a control panel, or somebody with access to the
  REST API. Crafted records cannot be inserted via AXFR (CVE-2020-17482).
  
  The pdns package has been updated to versoin 4.1.14, fixing this issue and
  several other bugs.  See the upstream changelog for details.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=27310
 - https://doc.powerdns.com/authoritative/changelog/4.1.html#change-4.1.14
 - https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
1	type: security
2	subject: Updated pdns packages fix security vulnerability
3	CVE:
4	- CVE-2020-17482
5	src:
6	7:
7	core:
8	- pdns-4.1.14-1.mga7
9	description: \|
10	An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an
11	authorized user with the ability to insert crafted records into a zone might be
12	able to leak the content of uninitialized memory. Such a user could be a
13	customer inserting data via a control panel, or somebody with access to the
14	REST API. Crafted records cannot be inserted via AXFR (CVE-2020-17482).
15
16	The pdns package has been updated to versoin 4.1.14, fixing this issue and
17	several other bugs. See the upstream changelog for details.
18	references:
19	- https://bugs.mageia.org/show_bug.cgi?id=27310
20	- https://doc.powerdns.com/authoritative/changelog/4.1.html#change-4.1.14
21	- https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html