pdns-recursor: Multiple vulnerabilities (CVE-2017-15090, CVE-2017-15092, CVE-2017-15093, CVE-2017-15094)
CVE-2017-15090: Insufficient validation of DNSSEC signatures
Affects:
PowerDNS Recursor from 4.0.0 and up to and including 4.0.6
Not affected:
PowerDNS Recursor < 4.0.0, 4.0.7
References:
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html
http://openwall.com/lists/oss-security/2017/11/27/1
CVE-2017-15092: Cross-Site Scripting in the web interface
Affects:
PowerDNS Recursor from 4.0.0 up to and including 4.0.6
Not affected:
PowerDNS Recursor 4.0.7, 3.7.x
References:
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html
http://openwall.com/lists/oss-security/2017/11/27/1
CVE-2017-15093: Configuration file injection in the API
Affects:
PowerDNS Recursor up to and including 4.0.6, 3.7.4
Not affected:
PowerDNS Recursor 4.0.7
References:
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html
http://openwall.com/lists/oss-security/2017/11/27/1
CVE-2017-15094:
Memory leak in DNSSEC parsing
Affects:
PowerDNS Recursor from 4.0.0 up to and including 4.0.6
Not affected:
PowerDNS Recursor 4.0.7
References:
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html
http://openwall.com/lists/oss-security/2017/11/27/1
(from redmine: issue id 8252, created on 2017-12-07, closed on 2017-12-15)
- Relations:
- child #8253 (closed)
- child #8254 (closed)