FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

powerdns -- multiple vulnerabilities

Affected packages
powerdns < 4.1.10

Details

VuXML ID 1c21f6a3-9415-11e9-95ec-6805ca2fa271
Discovery 2019-06-21
Entry 2019-06-21

PowerDNS Team reports:

CVE-2019-10162: An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.

CVE-2019-10163: An issue has been found in PowerDNS Authoritative Server allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.

References

CVE Name CVE-2019-10162
CVE Name CVE-2019-10163
URL https://doc.powerdns.com/authoritative/changelog/4.1.html#change-4.1.10