{"id":"MGASA-2019-0122","summary":"Updated pdns packages fix security vulnerability","details":"Updated pdns packages fix security vulnerability:\n\nAn issue has been found in PowerDNS Authoritative Server when the HTTP\nremote backend is used in RESTful mode (without post=1 set), allowing a\nremote user to cause the HTTP backend to connect to an attacker-specified\nhost instead of the configured one, via a crafted DNS query. This can be\nused to cause a denial of service by preventing the remote backend from\ngetting a response, content spoofing if the attacker can time its own\nquery so that subsequent queries will use an attacker-controlled HTTP\nserver instead of the configured one, and possibly information disclosure\nif the Authoritative Server has access to internal servers (CVE-2019-3871).\n","modified":"2026-02-02T07:33:28.133259Z","published":"2019-03-29T15:51:06Z","related":["CVE-2019-3871"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0122.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24531"},{"type":"REPORT","url":"https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html"}],"affected":[{"package":{"name":"pdns","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/pdns?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.7-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0122.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}