44 matches found
bind security update
32:9.8.2-0.68.rc1.0.3.8 - Backport fix for CVE-2018-5741 Orabug: 33496185 32:9.8.2-0.68.rc1.0.2.8 - Backport possible assertion failure on DNAME processing CVE-2021-25215 32:9.8.2-0.68.rc1.0.1.8 - Backport the fix for buffer overflow CVE-2020-8625 Orabug: 32588749 32:9.8.2-0.68.rc1.8 - Fix...
SUSE: Security Advisory (SUSE-SU-2021:14603-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2021:0163-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : dnsmasq (openSUSE-2021-124)
This update for dnsmasq fixes the following issues : - bsc1177077: Fixed DNSpooq vulnerabilities - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflow...
Security update for dnsmasq (important)
openSUSE Security Update: Security update for dnsmasq Announcement ID: openSUSE-SU-2021:0124-1 Rating: important References: 1176076 1177077 Cross-References: CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687 Affected Products: openSUSE Leap...
SUSE SLES15 Security Update : dnsmasq (SUSE-SU-2021:0162-1)
This update for dnsmasq fixes the following issues : bsc1177077: Fixed DNSpooq vulnerabilities CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when...
SUSE SLES12 Security Update : dnsmasq (SUSE-SU-2021:0166-1)
This update for dnsmasq fixes the following issues : bsc1177077: Fixed DNSpooq vulnerabilities CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when...
SUSE SLED15 / SLES15 Security Update : dnsmasq (SUSE-SU-2021:0163-1)
This update for dnsmasq fixes the following issues : bsc1177077: Fixed DNSpooq vulnerabilities CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks. CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when...
SUSE-SU-2021:14604-1 Security update for dnsmasq
This update for dnsmasq fixes the following issues: Security issues fixed: - CVE-2020-25684, CVE-2020-25685, CVE-2020-25686: Fixed multiple Cache Poisoning attacks bsc1177077. - CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687: Fixed multiple potential Heap-based overflows when DNSS...
dnsmasq security and bug fix update
2.76-16 - Fix strict-mode retries on REFUSED 1755610 2.76-15 - Forward non-recursive queries to upstream, but serve local names 1755610 2.76-14 - Stop treating SERVFAIL as successful response 1815080 2.76-13 - Do not ignore DHCPv6 relay messages 1757247 2.76-12 - Fix memory leak in createhelper...
Open-Xchange: Recursor accepts unsigned, empty NXDOMAINs in secure zones
Hi! This is a slightly edited version of the email I sent to the project's security contacts on 2020-04-21. Open-Xchange confirmed it and asked me to resubmit it here. --- Subject: Recursor may be accepting unsigned, empty NXDOMAINs in secure zones I can easily reproduce this against Cloudflare's...
CVE-2019-10190
A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of...
Input validation
A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of...
CVE-2018-5734
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected...
CVE-2018-5734 A malformed request can trigger an assertion failure in badcache.c
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected...
Fedora 28 : knot-resolver (2018-389bc4e911)
Knot Resolver 2.3.0 2018-04-23 ================================ Security -------- - fix CVE-2018-1110: denial of service triggered by malformed DNS messages !550, !558, security!2, security!4 - increase resilience against slow lorris attack security!5 Bugfixes -------- - validation: fix SERVFAIL ...
Design/Logic Flaw
An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers fo...
UBUNTU-CVE-2018-14644
An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers fo...
DEBIAN-CVE-2018-14644
An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers fo...
PT-2018-12638 · Powerdns +3 · Powerdns Recursor +3
Name of the Vulnerable Software and Affected Versions: PowerDNS Recursor versions 4.0.0 through 4.1.4 Description: A remote attacker can send a DNS query for a meta-type like OPT, leading to a zone being wrongly cached as failing DNSSEC validation. This issue arises when the parent zone is signed...