{"id":"MGASA-2020-0286","summary":"Updated pdns-recursor packages fix security vulnerability","details":"Updated pdns-recursor package fixes security vulnerability:\n\nAn issue has been found in PowerDNS Recursor where the ACL applied to the\ninternal web server via webserver-allow-from is not properly enforced,\nallowing a remote attacker to send HTTP queries to the internal web server,\nbypassing the restriction (CVE-2020-14196).\n\nIn the default configuration the API webserver is not enabled. Only\ninstallations using a non-default value for webserver and webserver-address \nare affected.\n","modified":"2026-02-02T11:53:16.807168Z","published":"2020-07-07T13:47:37Z","related":["CVE-2020-14196"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0286.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26887"},{"type":"REPORT","url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-04.html"},{"type":"REPORT","url":"https://doc.powerdns.com/recursor/changelog/4.1.html#change-4.1.17"}],"affected":[{"package":{"name":"pdns-recursor","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/pdns-recursor?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.17-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0286.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}