RE: [SECURITY] [DSA 3664-1] pdns security update

To: "'debian-security@lists.debian.org'" <debian-security@lists.debian.org>
Subject: RE: [SECURITY] [DSA 3664-1] pdns security update
From: "Nesbitt, Ken" <Ken.Nesbitt@fbcs-inc.com>
Date: Sat, 10 Sep 2016 22:55:11 +0000
Message-id: <[🔎] FC238F57358EA54AAEA87DC1A8B339B001806BF0@fbpa1mx1.fbcs-inc.com>
In-reply-to: <E1bic4V-0001jR-Oa@master.debian.org>
References: <E1bic4V-0001jR-Oa@master.debian.org>

yep

-----Original Message-----
From: Salvatore Bonaccorso [mailto:carnil@debian.org]
Sent: Saturday, September 10, 2016 2:47 AM
To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 3664-1] pdns security update
Importance: High

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3664-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
September 10, 2016                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pdns
CVE ID         : CVE-2016-5426 CVE-2016-5427 CVE-2016-6172
Debian Bug     : 830808

Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2016-5426 / CVE-2016-5427

    Florian Heinz and Martin Kluge reported that the PowerDNS
    Authoritative Server accepts queries with a qname's length larger
    than 255 bytes and does not properly handle dot inside labels. A
    remote, unauthenticated attacker can take advantage of these flaws
    to cause abnormal load on the PowerDNS backend by sending specially
    crafted DNS queries, potentially leading to a denial of service.

CVE-2016-6172

    It was reported that a malicious primary DNS server can crash a
    secondary PowerDNS server due to improper restriction of zone size
    limits. This update adds a feature to limit AXFR sizes in response
    to this flaw.

For the stable distribution (jessie), these problems have been fixed in version 3.4.1-4+deb8u6.

We recommend that you upgrade your pdns packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX06v5AAoJEAVMuPMTQ89EOlMP/2a7w5qfgqWp2KIJBP6qAA67
+XRaLRwDb2s8b9X/6NMFgjmnrZj4RWfDliZK1hqp3mXgr6UjO3Q3KPKK124YlKUL
WMqwPJ8c9BJ0SGzDGb2xLWBntO3r3Wm9H2Rx6WvPhZTahD6X/ucoqphGrbZhLi01
PXr46WCqwvOqWS5rDsFCQQbPg9MABjMxQ2ObDm2CMAE0spNKYteoLjZQEZYxWb9E
JrC4xWi3LragzZNNvoIehhcAlotE4KnhIDTAeTimoU4HtNXVvAnFL0L4cu7d/ytR
1mdrAo60TOdGQ30afJrY2/tLh/eg9uNbWs+Ha63YKeIJvEDE+G3dp6Rw9uTUDKO7
B1sbcaVIv8b3R0DcFjGnB0LiMFRezTHNrBi70PHlDN7ZVhYq3rBdpExkQDxkRLBe
ZfHcZiwo+aUxT719jneaRszQeDrwcLN8N7XtTWPpAAryET8zUxV2wKYwF1DB7KN7
onsaOuyyndALkyv1hGx8scSVBH2grReaSxCWmrjGKPx2INkLtAjRvbD9BZTYOKHV
2JLhNIdK5vclHiSYc4/VmXoIMK4b8bmugVOwJT0/DYI0hSnQBWFq9clmzRNblvzV
dqqz+/vhJM7k/BJXEjD9ZkRO+eOCdsEdMIKeFg1BE2Yiz6pbhNo6AjigDH1eqfxN
wI72WPtWMv6DNriR2mhp
=6o+o
-----END PGP SIGNATURE-----

NOTICE: This message is confidential. It may also be privileged or otherwise protected by work product immunity or other legal rules. If you have received it by mistake, please let us know by e-mail reply and delete it from your system; you may not copy this message or disclose its contents to anyone. Please send us by fax any message containing deadlines as incoming e-mails are not screened for response deadlines. The integrity and security of this message cannot be guaranteed on the Internet.

Reply to:

Prev by Date: RE: [SECURITY] [DSA 3664-1] pdns security update
Next by Date: Re: [SECURITY] [DSA 3666-1] mysql-5.5 security update
Previous by thread: RE: [SECURITY] [DSA 3664-1] pdns security update
Next by thread: Re: [SECURITY] [DSA 3666-1] mysql-5.5 security update
Index(es):
- Date
- Thread