
[SECURITY] [DLA 627-1] pdns security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : pdns
Version        : 3.1-4.1+deb7u2
CVE ID         : CVE-2016-5426 CVE-2016-5427 CVE-2016-6172
Debian Bug     : 830808


Multiple vulnerabilities have been discovered in pdns, an authoritative
DNS server. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2016-5426 / CVE-2016-5427

    Florian Heinz and Martin Kluge reported that the PowerDNS
    Authoritative Server accepts queries whose qname is longer than
    255 bytes and does not properly handle dots inside labels. A
    remote, unauthenticated attacker can take advantage of these flaws
    to cause abnormal load on the PowerDNS backend by sending specially
    crafted DNS queries, potentially leading to a denial of service.

CVE-2016-6172

    It was reported that a malicious primary DNS server can crash a
    secondary PowerDNS server due to improper restriction of zone size
    limits. This update adds a feature to limit AXFR sizes in response
    to this flaw.

For Debian 7 "Wheezy", these problems have been fixed in version
3.1-4.1+deb7u2.

We recommend that you upgrade your pdns packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -- 
Jonas Meurer


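The CVE-2016-5426 / CVE-2016-5427 entry above concerns qnames longer than 255 bytes and dots inside labels. The following Python code is an added example, not part of the advisory and not PowerDNS code: it parses the QNAME of a query, enforces the RFC 1035 length limits, and escapes dots inside labels when producing the text form. All function names and the sample queries are constructed for illustration, and rejecting compression pointers in a QNAME is a policy assumed here.

```python
# Added example (not PowerDNS code): strict QNAME handling for a DNS query.
MAX_NAME, MAX_LABEL = 255, 63   # RFC 1035 limits, in octets

class BadName(ValueError):
    pass

def parse_qname(msg: bytes, offset: int = 12):
    """Return (labels, next_offset); labels are raw bytes, never split on '.'."""
    labels, pos, wire_len = [], offset, 0
    while True:
        if pos >= len(msg):
            raise BadName("truncated name")
        n = msg[pos]
        if n > MAX_LABEL:   # top bits set: compression pointer or reserved type
            raise BadName("pointer or oversized label in QNAME (assumed policy)")
        pos += 1
        wire_len += 1 + n   # length octet plus label data
        if wire_len > MAX_NAME:
            raise BadName("name longer than 255 octets")
        if n == 0:          # root label ends the name
            return labels, pos
        if pos + n > len(msg):
            raise BadName("truncated label")
        labels.append(msg[pos:pos + n])
        pos += n

def to_text(labels) -> str:
    """Presentation form; a dot inside a label is escaped so it cannot be
    mistaken for a label separator when the name reaches a backend lookup."""
    def esc(b):
        if b in b".\\":
            return "\\" + chr(b)
        return chr(b) if 0x21 <= b <= 0x7E else "\\%03d" % b
    return ".".join("".join(esc(b) for b in l) for l in labels) + "."

def build_query(labels) -> bytes:
    """Constructed sample input: fixed header, one question, type A, class IN."""
    header = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
    name = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + name + b"\x00\x01\x00\x01"

def is_valid_qname(msg: bytes) -> bool:
    try:
        parse_qname(msg)
        return True
    except BadName:
        return False
```

A name of three 63-byte labels plus one 61-byte label is exactly 255 octets on the wire and is accepted; one more byte is rejected before any lookup would be attempted.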