CVE-2019-3806

Upstream information

CVE-2019-3806 at MITRE

Description

An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 1121887 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2019:0131-1, published Mon, 4 Feb 2019 18:09:06 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Package Hub 12 SP1	`pdns-recursor >= 4.1.10-16.1`	Patchnames: openSUSE-2019-131
openSUSE Tumbleweed	`pdns-recursor >= 4.5.5-1.3`	Patchnames: openSUSE Tumbleweed GA pdns-recursor-4.5.5-1.3

SUSE Timeline for this CVE

CVE page created: Tue Jan 15 20:31:40 2019
CVE page last modified: Tue May 23 15:10:12 2023

CVE-2019-3806

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

SUSE Security Advisories:

List of released packages

SUSE Timeline for this CVE

Business-Critical Linux

Enterprise Container Management

Edge

Solutions

Industries

Support

Services

Resources

Partners

Communities

About