[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 3664-1] pdns security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3664-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 10, 2016                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pdns
CVE ID         : CVE-2016-5426 CVE-2016-5427 CVE-2016-6172
Debian Bug     : 830808

Multiple vulnerabilities have been discovered in pdns, an authoritative
DNS server. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2016-5426 / CVE-2016-5427

    Florian Heinz and Martin Kluge reported that the PowerDNS
    Authoritative Server accepts queries with a qname's length larger
    than 255 bytes and does not properly handle dot inside labels. A
    remote, unauthenticated attacker can take advantage of these flaws
    to cause abnormal load on the PowerDNS backend by sending specially
    crafted DNS queries, potentially leading to a denial of service.

CVE-2016-6172

    It was reported that a malicious primary DNS server can crash a
    secondary PowerDNS server due to improper restriction of zone size
    limits. This update adds a feature to limit AXFR sizes in response
    to this flaw.

For the stable distribution (jessie), these problems have been fixed in
version 3.4.1-4+deb8u6.

We recommend that you upgrade your pdns packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX06v5AAoJEAVMuPMTQ89EOlMP/2a7w5qfgqWp2KIJBP6qAA67
+XRaLRwDb2s8b9X/6NMFgjmnrZj4RWfDliZK1hqp3mXgr6UjO3Q3KPKK124YlKUL
WMqwPJ8c9BJ0SGzDGb2xLWBntO3r3Wm9H2Rx6WvPhZTahD6X/ucoqphGrbZhLi01
PXr46WCqwvOqWS5rDsFCQQbPg9MABjMxQ2ObDm2CMAE0spNKYteoLjZQEZYxWb9E
JrC4xWi3LragzZNNvoIehhcAlotE4KnhIDTAeTimoU4HtNXVvAnFL0L4cu7d/ytR
1mdrAo60TOdGQ30afJrY2/tLh/eg9uNbWs+Ha63YKeIJvEDE+G3dp6Rw9uTUDKO7
B1sbcaVIv8b3R0DcFjGnB0LiMFRezTHNrBi70PHlDN7ZVhYq3rBdpExkQDxkRLBe
ZfHcZiwo+aUxT719jneaRszQeDrwcLN8N7XtTWPpAAryET8zUxV2wKYwF1DB7KN7
onsaOuyyndALkyv1hGx8scSVBH2grReaSxCWmrjGKPx2INkLtAjRvbD9BZTYOKHV
2JLhNIdK5vclHiSYc4/VmXoIMK4b8bmugVOwJT0/DYI0hSnQBWFq9clmzRNblvzV
dqqz+/vhJM7k/BJXEjD9ZkRO+eOCdsEdMIKeFg1BE2Yiz6pbhNo6AjigDH1eqfxN
wI72WPtWMv6DNriR2mhp
=6o+o
-----END PGP SIGNATURE-----


Reply to: