[SECURITY] [DLA 627-1] pdns security update

Package        : pdns
Version        : 3.1-4.1+deb7u2
CVE ID         : CVE-2016-5426 CVE-2016-5427 CVE-2016-6172
Debian Bug     : 830808

Multiple vulnerabilities have been discovered in pdns, an authoritative
DNS server. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2016-5426 / CVE-2016-5427

    Florian Heinz and Martin Kluge reported that the PowerDNS
    Authoritative Server accepts queries whose qname is longer than
    255 bytes and does not properly handle dots inside labels. A
    remote, unauthenticated attacker can take advantage of these flaws
    to cause abnormal load on the PowerDNS backend by sending specially
    crafted DNS queries, potentially leading to a denial of service.

CVE-2016-6172

    It was reported that a malicious primary DNS server can crash a
    secondary PowerDNS server due to improper restriction of zone size
    limits. This update adds a feature to limit AXFR sizes in response
    to this flaw.

For Debian 7 "Wheezy", these problems have been fixed in version
3.1-4.1+deb7u2.

We recommend that you upgrade your pdns packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--
Jonas Meurer
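
Added example, not part of the advisory and not PowerDNS code: a strict parser for the question name of a DNS query that enforces the RFC 1035 limits behind CVE-2016-5426 / CVE-2016-5427 (255 octets per name, 63 per label) and escapes dots inside labels so they cannot be mistaken for label separators. The names parse_qname, escape_label, QnameError and SAMPLE are hypothetical, and rejecting compression pointers in the qname is a policy assumed for this example.

```python
"""Strict RFC 1035 question-name parsing (added example, not PowerDNS code)."""

MAX_NAME_OCTETS = 255   # whole name on the wire: length octets + labels + root
MAX_LABEL_OCTETS = 63   # one label; larger values are pointers/reserved types


class QnameError(ValueError):
    """The question name violates RFC 1035 size or framing rules."""


def escape_label(label: bytes) -> str:
    """Render one label so a dot inside it cannot be read as a separator."""
    out = []
    for b in label:
        if b in b".\\":
            out.append("\\" + chr(b))
        elif 0x21 <= b <= 0x7E:
            out.append(chr(b))
        else:
            out.append("\\%03d" % b)  # RFC 1035 \DDD decimal escape
    return "".join(out)


def parse_qname(packet: bytes, offset: int = 12):
    """Return (labels, presentation_name, next_offset); 12 = DNS header size."""
    labels, wire_len, pos = [], 0, offset
    while True:
        if pos >= len(packet):
            raise QnameError("truncated qname")
        length = packet[pos]
        if length > MAX_LABEL_OCTETS:
            # Policy of this example: no compression pointers in a query qname.
            raise QnameError("label too long, pointer or reserved label type")
        wire_len += 1 + length
        if wire_len > MAX_NAME_OCTETS:
            raise QnameError("qname longer than 255 octets")
        if length == 0:
            return labels, ".".join(map(escape_label, labels)) + ".", pos + 1
        label = packet[pos + 1 : pos + 1 + length]
        if len(label) != length:
            raise QnameError("truncated label")
        labels.append(label)
        pos += 1 + length


# Constructed sample query: zeroed header, labels b"a.b" and b"example", A/IN.
SAMPLE = bytes(12) + b"\x03a.b\x07example\x00" + b"\x00\x01\x00\x01"
```

For SAMPLE the presentation name keeps the first label intact as a\.b, so a backend lookup keyed on the escaped form sees two labels rather than three.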