-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : pdns Version : 3.4.1-4+deb8u9 CVE ID : CVE-2019-3871 Debian Bug : 924966
A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response. Only installations using the pdns-backend-remote package are affected. For Debian 8 "Jessie", this problem has been fixed in version 3.4.1-4+deb8u9. We recommend that you upgrade your pdns packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAlyeKOoACgkQj/HLbo2J BZ/wWwgAiWPZFOh+OXBitp36ySi4OnkDolH9vz1iOPqk6zF8LU8M4PHrbmD2ORjr pT/PrLHlTkEdPAZeD4vdDEO71CSwIDCCm5j6JAYrBhxTt5waFwFm0VBEUb9cl6Z2 lTXyTiYzXRbnDway8Nb7wS5JHOVbTDf5vQ8ZnP7c3dTvhP4khFoPpTG7W4V4t/Kq T5X9yvnnmvM6n4nfzX8OdsTp3MPMw2uNECeYlksZKg/ER25bVTBLYWqPAodpiOmS uQDgzSPqv5MkprxZy8sZXw4XrxGlgi/yMJzh5he9UbPBKijrJXV/jfBBkI4uucJZ VgDmhGWd4iTdqR8tLFERHmAjItYWVQ== =Hhny -----END PGP SIGNATURE-----