| Summary: | <net-dns/pdns-3.4.10: Malicious primary DNS servers can crash secondaries | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | swegener |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2016/07/06/3 | | |
| Whiteboard: | B3 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 593286 | | |

Description
Agostino Sarubbo
2016-07-12 08:39:01 UTC
Proposed patches being tracked by upstream: https://github.com/PowerDNS/pdns/issues/4128

Today (2016-09-02) PowerDNS announced the release of pdns-3.4.10 which addresses the reported problem:

> Hi everybody,
>
> We’re pleased to announce version 3.4.10 of our Authoritative Server.
>
> This release fixes several bugs, decreases CPU usage and allows better
> interoperability with PowerDNS 4.0.X databases. It also adds a feature to
> limit AXFR sizes in response to CVE-2016-6172.
>
> Tar.gz and packages are available on:
>
> https://downloads.powerdns.com/releases/
> Soon: https://www.monshouwer.eu/download/3rd_party/pdns/ (RHEL/
> CentOS, with the usual huge thanks to Kees Monshouwer).
>
> Warning: Version 3.4.10 of the PowerDNS Authoritative Server is a major
> upgrade if you are coming from 2.9.x. Additionally, if you are coming
> from any 3.x version (including 3.3.1), there is a mandatory SQL schema
> upgrade. Please refer to the Upgrade documentation for important
> information on correct and stable operation, as well as notes on
> performance and memory use.
>
> Find the downloads on our download page, https://www.powerdns.com/downloads.html
>
> Changes since 3.4.9:
>
> - commit 1f8078c: Enable mbedtls threading abstraction layer (Kees Monshouwer)
> - commit 63a6800: Update polarssl 1.3.9 to mbedtls 1.3.17 (Kees Monshouwer)
> - commit dc73734: Report DHCID type (Kees Monshouwer)
> - commit 2c6e628: Fix TSIG for single thread distributor (Kees Monshouwer)
> - commit 09bdd9f: Don’t send covering nsec records for direct nsec queries (Kees Monshouwer)
> - commit da231a4: Ignore trailing dot in signer name (Kees Monshouwer)
> - commit a014f4c: Add limits to the size of received AXFR, in megabytes
> - commit 881b5b0: Reject qnames with wirelength > 255, chopOff() handle dot inside labels
> - commit 210fb15: Gmysql get-order-after-query was slow (Kees Monshouwer)
> - commit 7bab770: Sync boost.m4 with upstream (Kees Monshouwer)
> - commit 9740371: Fix shorter best matching names in getAuth() (Kees Monshouwer)
> - commit 991528c: change default for any-to-tcp to yes (Kees Monshouwer)

Source: https://blog.powerdns.com/2016/09/02/authoritative-server-3-4-10/

3.4.10 is in the tree.

pdns-3.4.10 is ready for stabilization

@ Arches, please test and mark stable:

=net-dns/pdns-3.4.10

Targeted stable KEYWORDS: amd64 x86

amd64 stable

x86 stable.

Maintainer(s), please cleanup.

Security, please vote.

GLSA Vote: No