Security Information / 2014 / Security Information -- DSA-3096-1 pdns-recursor

Debian Security Advisory

DSA-3096-1 pdns-recursor -- security update

Date Reported:

11 Dec 2014

Affected Packages:

pdns-recursor

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2014-8601.

More information:

Florian Maury from ANSSI discovered a flaw in pdns-recursor, a recursive DNS server : a remote attacker controlling maliciously-constructed zones or a rogue server could affect the performance of pdns-recursor, thus leading to resource exhaustion and a potential denial-of-service.

For the stable distribution (wheezy), this problem has been fixed in version 3.3-3+deb7u1.

For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 3.6.2-1.

We recommend that you upgrade your pdns-recursor packages.