ASA-201805-1 log original external raw

[ASA-201805-1] powerdns: arbitrary code execution
Arch Linux Security Advisory ASA-201805-1 ========================================= Severity: High Date : 2018-05-09 CVE-ID : CVE-2018-1046 Package : powerdns Type : arbitrary code execution Remote : No Link : Summary ======= The package powerdns before version 4.1.2-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 4.1.2-1. # pacman -Syu "powerdns>=4.1.2-1" The problem has been fixed upstream in version 4.1.2. Workaround ========== None. Description =========== An issue has been found in the dnsreplay tool provided with PowerDNS Authoritative, where replaying a specially crafted PCAP file can trigger a stack based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the --ecs-stamp option of dnsreplay is used. Regardless of this issue, the use of dnsreplay with untrusted PCAP files is not advised. Impact ====== A local attacker is be able to cause a denial of service or execute arbitrary code via a specially crafted PCAP file. References ==========