Main Vulnerability Database SB2018112227

SB2018112227 - Fedora 29 update for dnsdist

Published: November 22, 2018 Updated: April 24, 2025

Security Bulletin ID SB2018112227

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2018-14663)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing DNS queries. A remote attacker can smuggle certain DNS records into the DNS backend and perform spoofing attack. This issue occurs only when either the ‘useClientSubnet’ or the experimental ‘addXPF’ parameters are used when declaring a new backend.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2018-9f375c6c01