{"id":"MGASA-2019-0008","summary":"Updated pdns packages fix security vulnerabilities","details":"A vulnerability was in found in PowerDNS Authoritative Server. The issue\nis a memory leak occurring while parsing some malformed records, due to\nthe fact that some memory is allocated parsing a record and is not\nalways properly released if the record is not valid. It allows an\nauthorized user to cause a denial of service by inserting specially\ncrafted records in a zone under their control, then sending DNS queries\nfor that zone (CVE-2018-10851).\n\nAn issue has been found in PowerDNS Authoritative Server allowing a\nremote user to craft a DNS query that will cause an answer without\nDNSSEC records to be inserted into the packet cache and be returned to\nclients asking for DNSSEC records, thus hiding the presence of DNSSEC\nsignatures for a specific qname and qtype. For a DNSSEC-signed domain,\nthis means that DNSSEC validating clients will consider the answer to be\nbogus until it expires from the packet cache, leading to a denial of\nservice (CVE-2018-14626).\n","modified":"2026-01-30T20:52:22.711785Z","published":"2019-01-05T18:30:16Z","related":["CVE-2018-10851","CVE-2018-14626"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0008.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23814"},{"type":"REPORT","url":"https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html"},{"type":"REPORT","url":"https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TNGUEM75M7JSLQMLIWGVO422ZTFUZWBD/"}],"affected":[{"package":{"name":"pdns","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/pdns?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.5-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0008.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}