CVE: CVE-2015-5230
Date: 2nd of September 2015
Credit: Pyry Hakulinen and Ashish Shakla at Automattic
Affects: PowerDNS Authoritative Server 3.4.0 through 3.4.5
Not affected: PowerDNS Authoritative Server 3.4.6
Severity: High
Impact: Degraded service or Denial of service
Exploit: This problem can be triggered by sending specially crafted query packets
Risk of system compromise: No
Solution: Upgrade to a non-affected version
Workaround: Run the Authoritative Server inside a supervisor when `distributor-threads` is set to `1` to prevent Denial of Service. No workaround for the degraded service exists
Reproducible: Always
*** Bug 559876 has been marked as a duplicate of this bug. ***
Several days have passed since then; any news on this?
@security: could you please simply bump this one?
I've committed 3.4.6 to the tree.
3.4.6 works for me on x86, thanks.
The new 3.4.6 is vulnerable to another security issue, see bug #559440. Stable candidate is 3.4.7 for both bugs.
Make that bug #565286.
This was first fixed in the Gentoo repository by https://gitweb.gentoo.org/repo/gentoo.git/commit/net-dns/pdns?id=0a6c9076768524880ef4bbc0b741104d6dae1cdf

@Security: Please vote!
GLSA Vote: No