Detections
Analytics

Alpine: multiple pdns packages: security update to 5.0.5-r0

high Tenable Cloud Security Plugin ID 443036

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

 - Incorrect Behaviour of Views with TCP PROXY Requests (CVE-2026-41999)

 - Insufficient Validation of Names During AXFR (CVE-2026-42000)

 - Insufficient Validation of Autoprimary SOA Queries (CVE-2026-42001)

 - Concurrency and locking defects in GSS-TSIG (CVE-2026-42002)

 - Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail (CVE-2026-42396)

Solution

Update the pdns library and its related packages to version 5.0.5-r0 or later.

See Also

https://security.alpinelinux.org/vuln/CVE-2026-41999

https://security.alpinelinux.org/vuln/CVE-2026-42000

https://security.alpinelinux.org/vuln/CVE-2026-42001

https://security.alpinelinux.org/vuln/CVE-2026-42002

https://security.alpinelinux.org/vuln/CVE-2026-42396

Plugin Details

Severity: High

ID: 443036

Version: Revision 1.1

Type: Local

Published: 6/10/2026

Updated: 6/10/2026

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2026-42002

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2026-42000

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/21/2026

Reference Information

CVE: CVE-2026-41999, CVE-2026-42000, CVE-2026-42001, CVE-2026-42002, CVE-2026-42396