Vulnerability   
Search   
    Search 187964 CVE descriptions
and 85075 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.878029
Category:Fedora Local Security Checks
Title:Fedora: Security Advisory for adns (FEDORA-2020-530188bf36)
Summary:The remote host is missing an update for the 'adns'; package(s) announced via the FEDORA-2020-530188bf36 advisory.
Description:Summary:
The remote host is missing an update for the 'adns'
package(s) announced via the FEDORA-2020-530188bf36 advisory.

Vulnerability Insight:
adns is a resolver library for C (and C++) programs. In contrast with
the existing interfaces, gethostbyname et al and libresolv, it has the
following features:

- It is reasonably easy to use for simple programs which just want to
translate names to addresses, look up MX records, etc.

- It can be used in an asynchronous, non-blocking, manner. Many
queries can be handled simultaneously.

- Responses are decoded automatically into a natural representation
for a C program - there is no need to deal with DNS packet formats.

- Sanity checking (eg, name syntax checking, reverse/forward
correspondence, CNAME pointing to CNAME) is performed automatically.

- Time-to-live, CNAME and other similar information is returned in an
easy-to-use form, without getting in the way.

- There is no global state in the library, resolver state is an opaque
data structure which the client creates explicitly. A program can have
several instances of the resolver.

- Errors are reported to the application in a way that distinguishes
the various causes of failure properly.

- Understands conventional resolv.conf, but this can overridden by
environment variables.

- Flexibility. For example, the application can tell adns to: ignore
environment variables (for setuid programs), disable sanity checks eg
to return arbitrary data, override or ignore resolv.conf in favour of
supplied configuration, etc.

- Believed to be correct ! For example, will correctly back off to TCP
in case of long replies or queries, or to other nameservers if several
are available. It has sensible handling of bad responses etc.

Affected Software/OS:
'adns' package(s) on Fedora 32.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-9105
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRVHN3GGVNQWAOL3PWC5FLAV7HUESLZR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UGFZ4SPV6KFQK6ZNUZFB5Y32OYFOM5YJ/
http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git
Common Vulnerability Exposure (CVE) ID: CVE-2017-9103
SuSE Security Announcement: openSUSE-SU-2020:0827 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00037.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-9104
Common Vulnerability Exposure (CVE) ID: CVE-2017-9109
Common Vulnerability Exposure (CVE) ID: CVE-2017-9106
Common Vulnerability Exposure (CVE) ID: CVE-2017-9107
Common Vulnerability Exposure (CVE) ID: CVE-2017-9108
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.