Debian Security Advisory
DSA-3347-1 pdns -- security update
- Date Reported:
- 02 Sep 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-5230.
- More information:
Pyry Hakulinen and Ashish Shakla at Automattic discovered that pdns, an authoritative DNS server, was incorrectly processing some DNS packets; this would enable a remote attacker to trigger a DoS by sending specially crafted packets causing the server to crash.
For the stable distribution (jessie), this problem has been fixed in version 3.4.1-4+deb8u3.
For the testing distribution (stretch) and unstable distribution (sid), this problem has been fixed in version 3.4.6-1.
We recommend that you upgrade your pdns packages.