SB2018110922 - Improper input validation in pdns-recursor (Alpine package)

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper input validation (CVE-ID: CVE-2018-14626)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to DNSSEC validating clients consider the answer to be bogus until it expires from the packet cache. A remote attacker can craft a DNS query, cause an answer without DNSSEC records to be inserted into the packet cache and be returned to clients asking for DNSSEC records, thus hiding the presence of DNSSEC signatures for a specific qname and qtype.

Remediation

Install update from vendor's website.

References

• https://git.alpinelinux.org/aports/commit/?id=0ef8821508fe2042c199551d43e728d1af2cde36
• https://git.alpinelinux.org/aports/commit/?id=a5a93e4963f1fa85d07871cbb586e952309b46b5
• https://git.alpinelinux.org/aports/commit/?id=25d9fe89a4cbd43e9f7cc3e4f9c28cf372f28c57
• https://git.alpinelinux.org/aports/commit/?id=08ec10f083f3eb9549ad5efb4acdbe2c313bc4c2
• https://git.alpinelinux.org/aports/commit/?id=a82df6a94c042f4bf27b6d162cda7fb7d7f513b5
• https://git.alpinelinux.org/aports/commit/?id=d4b0f51ac1e8c9d50821593f4982da6bdb1c68a5
• https://git.alpinelinux.org/aports/commit/?id=0756f3f95a7b96bfe212a78d42d64da35b03a78a
• https://git.alpinelinux.org/aports/commit/?id=2757748db3f9d1beb27dde1298b044cb48fd3edc
• https://git.alpinelinux.org/aports/commit/?id=38a6a429ec5f1bf1ac039294e2692d2f5f9760f5
• https://git.alpinelinux.org/aports/commit/?id=e0ddcae164893e75083138445b2eaf4700047025
• https://git.alpinelinux.org/aports/commit/?id=bf63f1bdf313c1988b026709f085a9c52811b797
• https://git.alpinelinux.org/aports/commit/?id=943fe828eb474fd0c86ec357c79b053b6b7c469a