AVG-520 log

Package powerdns-recursor
Status Fixed
Severity Medium
Type multiple issues
Affected 4.0.6-3
Fixed 4.0.7-1
Current 4.2.0-4 [community-testing]
4.2.0-3 [community]
Ticket None
Created Mon Nov 27 17:03:15 2017
Issue Severity Remote Type Description
CVE-2017-15094 Medium Yes Denial of service
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, during a code audit by Nixu, leading to a...
CVE-2017-15093 Medium Yes Insufficient validation
An issue has been found in the API of PowerDNS Recursor < 4.0.7, during a source code audit by Nixu. When 'api-config-dir' is set to a non-empty value,...
CVE-2017-15092 Medium Yes Cross-site scripting
An issue has been found in the web interface of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the qname of DNS queries was displayed...
CVE-2017-15090 Medium Yes Insufficient validation
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 up to and including 4.0.5, where the signatures might have been...
Date Advisory Package Description
27 Nov 2017 ASA-201711-31 powerdns-recursor multiple issues
References
http://seclists.org/oss-sec/2017/q4/329