New Alerts for PowerDNS, Mozilla Thunderbird, Tenable, and Linux.
PowerDNS
When the recursor detects and deters a spoofing attempt or receives certain malformed DNS packets, it throttles the server that was the target of the impersonation attempt. Unfortunately this mechanism can be used by an attacker with the ability to send queries to the recursor, guess the correct source port of the corresponding outgoing query and inject packets with a spoofed IP address to force the recursor to mark specific authoritative servers as not available, leading to a DoS for the zones served by those servers. CVSSv3 score of 3.7
More info.
Thunderbird users who use the Matrix chat protocol were vulnerable to a DoS.
More info.
Tenable.sc has been updated to correct a vulnerability in Apache. CVSSv3 score of 9.8
More info.
Oracle Linux has updated the kernel. More info.
Ubuntu has updated the kernel. More info.
Comments