Candidate: CVE-2019-3807
PublicDate: 2019-01-29 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3807
 https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html
Description:
 An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9
 where records in the answer section of responses received from
 authoritative servers with the AA flag not set were not properly validated,
 allowing an attacker to bypass DNSSEC validation.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_pdns-recursor:
upstream_pdns-recursor: released (4.1.9-1)
precise/esm_pdns-recursor: DNE
trusty_pdns-recursor: ignored (reached end-of-life)
trusty/esm_pdns-recursor: DNE (trusty was needs-triage)
xenial_pdns-recursor: ignored (end of standard support, was needs-triage)
bionic_pdns-recursor: needs-triage
cosmic_pdns-recursor: ignored (reached end-of-life)
disco_pdns-recursor: not-affected (4.1.9-1)
eoan_pdns-recursor: not-affected (4.1.9-1)
focal_pdns-recursor: not-affected (4.1.9-1)
groovy_pdns-recursor: not-affected (4.1.9-1)
hirsute_pdns-recursor: not-affected (4.1.9-1)
impish_pdns-recursor: not-affected (4.1.9-1)
jammy_pdns-recursor: not-affected (4.1.9-1)
devel_pdns-recursor: not-affected (4.1.9-1)