A bug was found using afl-fuzz in our packet parsing code. This bug, when exploited, causes an assertion error and consequent termination of the pdns_server process, causing a Denial of Service. When the PowerDNS Authoritative Server is run inside the guardian (--guardian), or inside a supervisor like supervisord or systemd, it will be automatically restarted, limiting the impact to a somewhat degraded service. PowerDNS Authoritative Server 3.4.4 - 3.4.6 are affected. No other versions are affected. The PowerDNS Recursor is not affected. PowerDNS Authoritative Server 3.4.7 contains a fix to this issue. This issue is unrelated to the issues in our previous two Security Announcements (2015-01 and 2015-02).
Reproducible: Always
I committed 3.4.7 about a week ago.
Arches, please test and mark stable:
=net-dns/pdns-3.4.7
Target keywords: "amd64 x86"
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
Arches, Thank you for your work.
GLSA Vote: No
Maintainer(s), please drop the vulnerable version(s).