Candidate: CVE-2018-14644 PublicDate: 2018-11-09 19:29:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14644 https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html https://downloads.powerdns.com/patches/2018-07/ Description: An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail. Ubuntu-Description: Notes: Bugs: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162 Priority: medium Discovered-by: Assigned-to: CVSS: nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H [5.9 MEDIUM] Patches_pdns: upstream_pdns: needs-triage precise/esm_pdns: DNE trusty_pdns: ignored (reached end-of-life) trusty/esm_pdns: DNE (trusty was needs-triage) xenial_pdns: ignored (end of standard support, was needs-triage) bionic_pdns: needs-triage cosmic_pdns: ignored (reached end-of-life) disco_pdns: ignored (reached end-of-life) eoan_pdns: ignored (reached end-of-life) focal_pdns: needs-triage groovy_pdns: ignored (reached end-of-life) hirsute_pdns: ignored (reached end-of-life) impish_pdns: needs-triage jammy_pdns: needs-triage devel_pdns: needs-triage Patches_pdns-recursor: upstream_pdns-recursor: released (4.1.7-1) precise/esm_pdns-recursor: DNE trusty_pdns-recursor: ignored (reached end-of-life) trusty/esm_pdns-recursor: DNE (trusty was needs-triage) xenial_pdns-recursor: ignored (end of standard support, was needs-triage) bionic_pdns-recursor: needs-triage cosmic_pdns-recursor: ignored (reached end-of-life) disco_pdns-recursor: ignored (reached end-of-life) eoan_pdns-recursor: not-affected (4.2.0-6) focal_pdns-recursor: not-affected (4.2.0-6) groovy_pdns-recursor: not-affected (4.2.0-6) hirsute_pdns-recursor: not-affected (4.2.0-6) impish_pdns-recursor: not-affected (4.2.0-6) jammy_pdns-recursor: not-affected (4.2.0-6) devel_pdns-recursor: not-affected (4.2.0-6)