From $URL: PowerDNS Security Advisory 2023-01: unbounded recursion results in program termination CVE: CVE-2023-22617 Date: 20th of January 2023 Affects: PowerDNS Recursor 4.8.0 Not affected: PowerDNS Recursor < 4.8.0, PowerDNS Recursor 4.8.1 Severity: High Impact: Denial of service Exploit: This problem can be triggered by a remote attacker with access to the recursor by querying names from specific mis-configured domains Risk of system compromise: None Solution: Upgrade to patched version
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3b847a0bd63df1e11889b8899bd4ae79e07f74a commit f3b847a0bd63df1e11889b8899bd4ae79e07f74a Author: Sven Wegener <swegener@gentoo.org> AuthorDate: 2023-01-20 14:07:32 +0000 Commit: Sven Wegener <swegener@gentoo.org> CommitDate: 2023-01-20 14:08:49 +0000 net-dns/pdns-recursor: add 4.8.1, drop 4.8.0, security bug #891475 Bug: https://bugs.gentoo.org/891475 Signed-off-by: Sven Wegener <swegener@gentoo.org> net-dns/pdns-recursor/Manifest | 2 +- .../{pdns-recursor-4.8.0.ebuild => pdns-recursor-4.8.1.ebuild} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
Thanks! In this case the only affected ebuild was unstable, and now that tree is clean we're all done!
