{"id":"MGASA-2020-0223","summary":"Updated pdns-recursor packages fix security vulnerabilities","details":"Updated pdns-recursor packages fix security vulnerabilities:\n\nAn issue in the DNS protocol has been found that allow malicious parties\nto use recursive DNS services to attack third party authoritative name\nservers. The attack uses a crafted reply by an authoritative name server\nto amplify the resulting traffic between the recursive and other\nauthoritative name servers. Both types of service can suffer degraded\nperformance as an effect (CVE-2020-10995).\n\nAn issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where\nrecords in the answer section of a NXDOMAIN response lacking an SOA were\nnot properly validated in SyncRes::processAnswer. This would allow an\nattacker in position of man-in-the-middle to send a NXDOMAIN answer for\na name that does exist, bypassing DNSSEC validation (CVE-2020-12244).\n","modified":"2026-04-16T00:10:24.904011449Z","published":"2020-05-24T18:04:47Z","upstream":["CVE-2020-10995","CVE-2020-12244"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0223.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26645"},{"type":"ADVISORY","url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html"},{"type":"ADVISORY","url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2020/05/19/3"},{"type":"WEB","url":"https://doc.powerdns.com/recursor/changelog/4.1.html#change-4.1.16"}],"affected":[{"package":{"name":"pdns-recursor","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/pdns-recursor?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.16-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0223.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}