Bug 675968 (CVE-2019-3806, CVE-2019-3807)

Summary: <net-dns/pdns-recursor-4.1.9: multiple vulnerabilities (CVE-2019-{3806,3807})
Product: Gentoo Security
Reporter: Sven Wegener <swegener>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---

Description Sven Wegener gentoo-dev 2019-01-21 14:23:50 UTC
From $URL:

CVE-2019-3806

An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.

CVE-2019-3807

An issue has been found in PowerDNS Recursor where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.
Comment 1 Sven Wegener gentoo-dev 2019-01-21 14:55:07 UTC
The new version fails to build with USE=-protobuf; I'm waiting for upstream.
Comment 2 Larry the Git Cow gentoo-dev 2019-01-21 15:22:30 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6fad89dca5912b9f36ea41977987b8e8ef6cc53f

commit 6fad89dca5912b9f36ea41977987b8e8ef6cc53f
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2019-01-21 15:21:45 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2019-01-21 15:22:20 +0000

    net-dns/pdns-recursor: Version bump, security bug #675968
    
    Bug: https://bugs.gentoo.org/675968
    Signed-off-by: Sven Wegener <swegener@gentoo.org>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11

 net-dns/pdns-recursor/Manifest                     |  1 +
 .../files/pdns-recursor-4.1.9-protobuf-fix.patch   | 32 +++++++++
 net-dns/pdns-recursor/pdns-recursor-4.1.9.ebuild   | 82 ++++++++++++++++++++++
 3 files changed, 115 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2019-01-23 08:13:02 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=21976f093bc676d0b073c93e426c080d78e05f63

commit 21976f093bc676d0b073c93e426c080d78e05f63
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2019-01-23 07:54:03 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2019-01-23 07:54:03 +0000

    net-dns/pdns-recursor: Stable on amd64/x86, bug #675968
    
    Bug: https://bugs.gentoo.org/675968
    Signed-off-by: Sven Wegener <swegener@gentoo.org>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11

 net-dns/pdns-recursor/pdns-recursor-4.1.9.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)