Summary: | <net-dns/pdns-3.4.10: Crafted queries can cause unexpected backend load (CVE-2016-{5426,5427}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | swegener |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2016/09/09/3 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 588656 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2016-09-09 13:27:04 UTC
pdns-3.4.10 is ready for stabilization @ Security: Please vote! CVE-2016-5427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5427): PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query. CVE-2016-5426 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5426): PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. GLSA Vote: No |