Hello,

How could I unsubscribe from this list ?

Thank you !
Regards,
Julien

Le lun. 1 juil. 2024 à 03:25, Daniel Leidert <dleid...@debian.org> a écrit :

> -------------------------------------------------------------------------
> Debian LTS Advisory DLA-3855-1                debian-lts@lists.debian.org
> https://www.debian.org/lts/security/                       Daniel Leidert
> July 01, 2024                                 https://wiki.debian.org/LTS
> -------------------------------------------------------------------------
>
> Package        : pdns-recursor
> Version        : 4.1.11-1+deb10u2
> CVE ID         : CVE-2020-14196 CVE-2020-25829
> Debian Bug     : 964103 972159
>
> Brief introduction
>
> CVE-2020-14196
>
>     The ACL restricting access to the internal web server is not properly
>     enforced.
>
> CVE-2020-25829
>
>     A remote attacker can cause the cached records for a given name to be
>     updated to the Bogus DNSSEC validation state, instead of their actual
>     DNSSEC Secure state, via a DNS ANY query. This results in a denial of
>     service for installation that always validate (dnssec=validate), and
>     for clients requesting validation when on-demand validation is enabled.
>
> For Debian 10 buster, these problems have been fixed in version
> 4.1.11-1+deb10u2.
>
> We recommend that you upgrade your pdns-recursor packages.
>
> For the detailed security status of pdns-recursor please refer to
> its security tracker page at:
> https://security-tracker.debian.org/tracker/pdns-recursor
>
> Further information about Debian LTS security advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://wiki.debian.org/LTS
>

Reply via email to