Otto Moerbeek

**Name of the Vulnerable Software and Affected Versions** PowerDNS Recursor versions prior to 4.3.2 PowerDNS Recursor versions 4.2.2 and earlier PowerDNS Recursor versions 4.1.16 and earlier **Description** The ACL that restricts access to the internal web server is not properly enforced, allowing unauthorized access. This issue affects PowerDNS Recursor versions up to and including 4.3.1, 4.2.2, and 4.1.16. **Recommendations** For PowerDNS Recursor version 4.3.1, update to version 4.3.2 or later to resolve the issue. For PowerDNS Recursor version 4.2.2, update to version 4.2.3 or later to resolve the issue. For PowerDNS Recursor version 4.1.16, update to version 4.1.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the internal web server until a patch is available.

Name of the Vulnerable Software and Affected Versions: yacc (affected versions not specified) Description: The issue arises from the improper handling of reduction of a rule with an empty right-hand side in skeleton.c, part of yacc. This allows context-dependent attackers to cause an out-of-bounds stack access when the yacc stack pointer points to the end of the stack. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.