[SECURITY] [DSA 6077-1] pdns-recursor security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6077-1] pdns-recursor security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 10 Dec 2025 09:49:13 +0000
Message-id: <[🔎] E1vTGor-00Cxun-2t@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6077-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
December 10, 2025                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pdns-recursor
CVE ID         : CVE-2025-59030
Debian Bug     : 1122197

Insufficient validation of incoming notifies over TCP in PDNS Recursor,
a resolving name server, could result in denial of service.

For the stable distribution (trixie), this problem has been fixed in
version 5.2.7-0+deb13u1.

We recommend that you upgrade your pdns-recursor packages.

For the detailed security status of pdns-recursor please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/pdns-recursor

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmk5QRlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0T4yhAAm7YTIcEyfc3/rrJUDeRTAHjHWrMfD4l4Uv/ckHBJGn2/RDtJDX/sbbCn
Sw8kNGIzlnNn4v6uK3tPEUYxUlAifMwwtAebanupvbBpmMkLwblotJ3JUiJswkrN
Tuc9zR6f/BP7twSEhj1Ip19sZPAu1lDEt3QE9F3s4dlF+hvjd3GZv1rGEsHtYzNK
sxBmHmP6s5sNKu+//0fCtBuoKcFsMcRZp/fXCXp6/GabVTLlW4PCFIYtwAnbLjU2
FGYs6E5nk7rzSIya2rYJOfXQ6zj5uTs6x3PYZnnW9ZRAXRF5758K3XgFO/cd1Kog
GTBimU9EoFocRCaRLW2PwxdcAMemzZZn2/JzJw1gNuEs+SMCD0LWexCZi1C8mzJr
KJy7X7pyqDI7gBkMmkJV6DjGwMOTATWgW0oxBppMKJ6RnuuaAjwtUfemHnacAZtF
k3sI8Qf3RrslE9UHFefAaPARe3Y6YBuyFi+Sycdm/E5l6EMujH0yynyPFNA1LGzL
i6tCYETfBZMN3DsWbLCN8aqa/bGCY+0XS+9CN3xEnWWejcPJAMXl17pJrYSMoe3J
xa0jCTxYg19nthT/8aZIea/EQ3ogXCEHcEnKOssCPOgHj0F4Uot4jVRFZvOLNwfp
IrkIMIbmgy1zbUHnNMNvmwf9oeKcRBV6p6MyYW5I8SOMLBd+ZS4=
=kG07
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6076-1] libpng1.6 security update
Next by Date: [SECURITY] [DSA 6078-1] firefox-esr security update
Previous by thread: [SECURITY] [DSA 6076-1] libpng1.6 security update
Next by thread: [SECURITY] [DSA 6078-1] firefox-esr security update
Index(es):
- Date
- Thread