Security update for pdns-recursor SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:0107-1 Final 1 1 2019-01-31T13:36:30Z current 2019-01-31T13:36:30Z 2019-01-31T13:36:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for pdns-recursor This update for pdns-recursor fixes the following issues: - CVE-2019-3807: Fixed insufficient validation of DNSSEC signatures (boo#1121889) This update was imported from the openSUSE:Leap:15.0:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-107 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EODQST47JNQ5TQLSUG7LE7WYOD6DFJRT/#EODQST47JNQ5TQLSUG7LE7WYOD6DFJRT E-Mail link for openSUSE-SU-2019:0107-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1121889 SUSE Bug 1121889 https://www.suse.com/security/cve/CVE-2019-3807/ SUSE CVE CVE-2019-3807 page SUSE Package Hub 15 pdns-recursor-4.1.2-bp150.2.6.1 pdns-recursor-4.1.2-bp150.2.6.1 as a component of SUSE Package Hub 15 An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation. CVE-2019-3807 SUSE Package Hub 15:pdns-recursor-4.1.2-bp150.2.6.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EODQST47JNQ5TQLSUG7LE7WYOD6DFJRT/#EODQST47JNQ5TQLSUG7LE7WYOD6DFJRT https://www.suse.com/security/cve/CVE-2019-3807.html CVE-2019-3807 https://bugzilla.suse.com/1121889 SUSE Bug 1121889