{"affected":[{"ecosystem_specific":{"binaries":[{"pdns-recursor":"4.3.5-bp152.2.12.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12 SP1","name":"pdns-recursor","purl":"pkg:rpm/suse/pdns-recursor&distro=SUSE%20Package%20Hub%2012%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.3.5-bp152.2.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"pdns-recursor":"4.3.5-bp152.2.12.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP1","name":"pdns-recursor","purl":"pkg:rpm/suse/pdns-recursor&distro=SUSE%20Package%20Hub%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.3.5-bp152.2.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"pdns-recursor":"4.3.5-bp152.2.12.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP2","name":"pdns-recursor","purl":"pkg:rpm/suse/pdns-recursor&distro=SUSE%20Package%20Hub%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.3.5-bp152.2.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"pdns-recursor":"4.3.5-bp152.2.12.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"pdns-recursor","purl":"pkg:rpm/opensuse/pdns-recursor&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.3.5-bp152.2.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"pdns-recursor":"4.3.5-bp152.2.12.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.2","name":"pdns-recursor","purl":"pkg:rpm/opensuse/pdns-recursor&distro=openSUSE%20Leap%2015.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.3.5-bp152.2.12.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for pdns-recursor fixes the following issues:\n\n-pdns-recursorwas updated to 4.1.1 and 4.3.5:\n   - CVE-2020-25829: Fixed a cache pollution related to DNSSEC validation (boo#1177383)\n   - CVE-2020-14196: Fixed an access restriction bypass with API key and password authentication (boo#1173302).\n","id":"openSUSE-SU-2020:1687-1","modified":"2020-10-17T14:22:35Z","published":"2020-10-17T14:22:35Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OXQDFFHHAGOYSWK5Z3277FVZ3QGDWFCG/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1173302"},{"type":"REPORT","url":"https://bugzilla.suse.com/1177383"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-14196"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25829"}],"related":["CVE-2020-14196","CVE-2020-25829"],"summary":"Security update for pdns-recursor","upstream":["CVE-2020-14196","CVE-2020-25829"]}