From ${URL} : It was found [1] that in default configuration PowerDNS is allowed to consume more file descriptors than is available for a default Linux installation. This can potentially lead to the DoS attack. Patch is available at [2] External references: [1]: http://blog.powerdns.com/2014/02/06/related-to-recent-dos-attacks-recursor-configuration-file-guidance/ [2]: https://github.com/Habbie/pdns/commit/e24b124a4c7b49f38ff8bcf6926cd69077d16ad8 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
I've ported and committed the bugfix to pdns-recursor-3.3-r1. The next version to go stable is 3.6.0, which also includes the fix, but it's too recent.
Thank you Sven, Arches, please stabilize: =net-dns/pdns-recursor-3.3-r1 Targets: amd64 x86
Uhm, might as well target 3.5.3 and resolve bug #404377 in one go.
(In reply to Sven Wegener from comment #3) > Uhm, might as well target 3.5.3 and resolve bug #404377 in one go. Sounds good to me, can you confirm that the current ebuild contain the necessary fixes for this bug as well?
I'v just patched 3.5.3 too.
(In reply to Sven Wegener from comment #5) > I'v just patched 3.5.3 too. In the main ebuild or a bumped revision? would you please advise a specific atom for stabilization?
Arches, please disregard Comment 2. Ready for stabilization =net-dns/pdns-recursor-3.5.3-r1 Targets: amd64 x86
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
Arches, Thank you for your work Maintainer(s), please drop the vulnerable version. GLSA Vote: Yes
Maintainer(s), Thank you for cleanup!
YES too, added to the existing request.
This issue was resolved and addressed in GLSA 201412-33 at http://security.gentoo.org/glsa/glsa-201412-33.xml by GLSA coordinator Sean Amoss (ackle).
