]> granicus.if.org Git - pdns/commitdiff
Fix "Risk of system compromise" and concerned version in advisory 2018 02
authorRemi Gacogne <remi.gacogne@powerdns.com>
Tue, 8 May 2018 13:35:47 +0000 (15:35 +0200)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Tue, 8 May 2018 13:35:47 +0000 (15:35 +0200)
docs/security-advisories/powerdns-advisory-2018-02.rst

index e5bc51cc077e7f5a5c1035cccdcd136ab23c733a..ff988612b1c7f2fa97672d31bb4946b3fd040766 100644 (file)
@@ -9,7 +9,7 @@ PowerDNS Security Advisory 2018-02: Buffer overflow in dnsreplay
 -  Severity: High
 -  Impact: Arbitrary code execution
 -  Exploit: This problem can be triggered via a crafted PCAP file
--  Risk of system compromise: No
+-  Risk of system compromise: Yes
 -  Solution: Upgrade to a non-affected version
 
 An issue has been found in the dnsreplay tool provided with PowerDNS
@@ -20,7 +20,7 @@ dnsreplay is used. Regardless of this issue, the use of dnsreplay with
 untrusted PCAP files is not advised.
 This issue has been assigned CVE-2018-1046 by Red Hat.
 
-PowerDNS Authoritative from 4.0.0 up to and including 4.1.0 is affected.
+PowerDNS Authoritative from 4.0.0 up to and including 4.1.1 is affected.
 
 We would like to thank Wei Hao for finding and subsequently reporting
 this issue.