Bug 940726 (CVE-2024-25590) - <net-dns/pdns-recursor-{5.0.9,5.1.2}: crafted responses can lead to a denial of service
Status: IN_PROGRESS
Alias: CVE-2024-25590
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://docs.powerdns.com/recursor/se...
Whiteboard: B3 [glsa?]
Reported: 2024-10-03 18:03 UTC by Sven Wegener
Modified: 2024-10-10 17:29 UTC

Description Sven Wegener gentoo-dev 2024-10-03 18:03:06 UTC
From $URL:

CVE: CVE-2024-25590
Date: 3rd of October 2024.
Affects: PowerDNS Recursor up to and including 4.9.8, 5.0.8 and 5.1.1
Not affected: PowerDNS Recursor 4.9.9, 5.0.9 and 5.1.2
Severity: High
Impact: Denial of service
Exploit: This problem can be triggered by an attacker publishing a crafted zone
Risk of system compromise: None
Solution: Upgrade to patched version

An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service.

CVSS Score: 7.5, see https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1
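
A plain "older than 5.1.2" comparison would flag the fixed 5.0.9 and 4.9.9 releases, so a check against the version lists above has to be branch-aware. The following is an added example, not code from PowerDNS or Gentoo; the function names are hypothetical, and treating pre-4.9 releases as affected and branches the advisory does not name as unknown is this example's reading of the "Affects" line.

```sh
#!/bin/sh
# Added example: classify a PowerDNS Recursor version against the
# "Affects" / "Not affected" lines of the CVE-2024-25590 advisory.

# First fixed patch level per release branch ("Not affected" line).
fixed_patch_for_branch() {
    case "$1" in
        4.9) echo 9 ;;
        5.0) echo 9 ;;
        5.1) echo 2 ;;
        *)   return 1 ;;
    esac
}

# Prints "affected", "fixed" or "unknown" for a version such as 5.0.8 or 5.0.9-r1.
pdns_recursor_status() {
    ver=${1%-r[0-9]*}            # strip a Gentoo revision suffix such as -r1
    case "$ver" in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # _rc/_beta or garbage: do not guess
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                  # split into major, minor, patch
    IFS=$old_ifs
    if [ $# -ne 3 ] || [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
        echo unknown; return 0
    fi
    # Assumption: anything older than the 4.9 branch falls under
    # "up to and including 4.9.8".
    if [ "$1" -lt 4 ] || { [ "$1" -eq 4 ] && [ "$2" -lt 9 ]; }; then
        echo affected; return 0
    fi
    if fixed=$(fixed_patch_for_branch "$1.$2"); then
        if [ "$3" -lt "$fixed" ]; then echo affected; else echo fixed; fi
    else
        echo unknown             # branch not named in the advisory
    fi
}

# Constructed sample versions, not taken from a real host.
for v in 4.9.8 4.9.9 5.0.8 5.0.9-r1 5.1.1 5.1.2 5.1.2_rc1; do
    printf '%s\t%s\n' "$v" "$(pdns_recursor_status "$v")"
done
```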
Comment 1 Larry the Git Cow gentoo-dev 2024-10-03 18:21:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72357ffd5e5663b8c0493955efeb84ad5d86ef22

commit 72357ffd5e5663b8c0493955efeb84ad5d86ef22
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2024-10-03 18:19:55 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2024-10-03 18:21:03 +0000

    net-dns/pdns-recursor: add 5.1.2, drop 5.1.1
    
    Bug: https://bugs.gentoo.org/940726
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-dns/pdns-recursor/Manifest                                          | 2 +-
 .../{pdns-recursor-5.1.1.ebuild => pdns-recursor-5.1.2.ebuild}          | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=12d0a67e4cafe3583702ceeaed63715274ec46fc

commit 12d0a67e4cafe3583702ceeaed63715274ec46fc
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2024-10-03 18:18:06 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2024-10-03 18:21:03 +0000

    net-dns/pdns-recursor: add 5.0.9
    
    Bug: https://bugs.gentoo.org/940726
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-dns/pdns-recursor/Manifest                   |   1 +
 net-dns/pdns-recursor/pdns-recursor-5.0.9.ebuild | 132 +++++++++++++++++++++++
 2 files changed, 133 insertions(+)
Comment 2 Sven Wegener gentoo-dev 2024-10-03 18:24:45 UTC
I'm planning on stabilizing 5.0.9 as 5.1.x contains more changes.
Comment 3 Larry the Git Cow gentoo-dev 2024-10-04 12:12:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2985dac46b96286bfc036d4a6c669ff6ee65b0b6

commit 2985dac46b96286bfc036d4a6c669ff6ee65b0b6
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2024-10-04 08:09:58 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2024-10-04 12:12:16 +0000

    net-dns/pdns-recursor: drop 5.0.8
    
    Bug: https://bugs.gentoo.org/940726
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-dns/pdns-recursor/Manifest                   |   1 -
 net-dns/pdns-recursor/pdns-recursor-5.0.8.ebuild | 132 -----------------------
 2 files changed, 133 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73e0d7927529b19e95cdae5e25553f83fab9df27

commit 73e0d7927529b19e95cdae5e25553f83fab9df27
Author:     Sven Wegener <swegener@gentoo.org>
AuthorDate: 2024-10-04 08:09:41 +0000
Commit:     Sven Wegener <swegener@gentoo.org>
CommitDate: 2024-10-04 12:12:13 +0000

    net-dns/pdns-recursor: stabilize 5.0.9 for amd64, x86
    
    Bug: https://bugs.gentoo.org/940726
    Signed-off-by: Sven Wegener <swegener@gentoo.org>

 net-dns/pdns-recursor/pdns-recursor-5.0.9.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2024-10-10 17:29:34 UTC
Arches and Maintainer(s), Thank you for your work.
All cleaned up. 
Moving to GLSA?