Candidate: CVE-2019-3806
PublicDate: 2019-01-29 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3806
 https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html
Description:
 An issue has been found in PowerDNS Recursor versions after 4.1.3 before
 4.1.9 where Lua hooks are not properly applied to queries received over TCP
 in some specific combination of settings, possibly bypassing security
 policies enforced using Lua.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]


Patches_pdns-recursor:
upstream_pdns-recursor: released (4.1.9-1)
precise/esm_pdns-recursor: DNE
trusty_pdns-recursor: ignored (reached end-of-life)
trusty/esm_pdns-recursor: DNE (trusty was needs-triage)
xenial_pdns-recursor: ignored (end of standard support, was needs-triage)
bionic_pdns-recursor: needs-triage
cosmic_pdns-recursor: ignored (reached end-of-life)
disco_pdns-recursor: not-affected (4.1.9-1)
eoan_pdns-recursor: not-affected (4.1.9-1)
focal_pdns-recursor: not-affected (4.1.9-1)
groovy_pdns-recursor: not-affected (4.1.9-1)
hirsute_pdns-recursor: not-affected (4.1.9-1)
impish_pdns-recursor: not-affected (4.1.9-1)
jammy_pdns-recursor: not-affected (4.1.9-1)
devel_pdns-recursor: not-affected (4.1.9-1)