Mehrere Probleme in PowerDNS Authoritative Server
ID: | DSA-3664-1 |
Distribution: | Debian |
Plattformen: | Debian jessie |
Datum: | Sa, 10. September 2016, 09:19 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426 |
Applikationen: | PowerDNS Authoritative Server |
Originalnachricht |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3664-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 10, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : pdns CVE ID : CVE-2016-5426 CVE-2016-5427 CVE-2016-6172 Debian Bug : 830808 Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-5426 / CVE-2016-5427 Florian Heinz and Martin Kluge reported that the PowerDNS Authoritative Server accepts queries with a qname's length larger than 255 bytes and does not properly handle dot inside labels. A remote, unauthenticated attacker can take advantage of these flaws to cause abnormal load on the PowerDNS backend by sending specially crafted DNS queries, potentially leading to a denial of service. CVE-2016-6172 It was reported that a malicious primary DNS server can crash a secondary PowerDNS server due to improper restriction of zone size limits. This update adds a feature to limit AXFR sizes in response to this flaw. For the stable distribution (jessie), these problems have been fixed in version 3.4.1-4+deb8u6. We recommend that you upgrade your pdns packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJX06v5AAoJEAVMuPMTQ89EOlMP/2a7w5qfgqWp2KIJBP6qAA67 +XRaLRwDb2s8b9X/6NMFgjmnrZj4RWfDliZK1hqp3mXgr6UjO3Q3KPKK124YlKUL WMqwPJ8c9BJ0SGzDGb2xLWBntO3r3Wm9H2Rx6WvPhZTahD6X/ucoqphGrbZhLi01 PXr46WCqwvOqWS5rDsFCQQbPg9MABjMxQ2ObDm2CMAE0spNKYteoLjZQEZYxWb9E JrC4xWi3LragzZNNvoIehhcAlotE4KnhIDTAeTimoU4HtNXVvAnFL0L4cu7d/ytR 1mdrAo60TOdGQ30afJrY2/tLh/eg9uNbWs+Ha63YKeIJvEDE+G3dp6Rw9uTUDKO7 B1sbcaVIv8b3R0DcFjGnB0LiMFRezTHNrBi70PHlDN7ZVhYq3rBdpExkQDxkRLBe ZfHcZiwo+aUxT719jneaRszQeDrwcLN8N7XtTWPpAAryET8zUxV2wKYwF1DB7KN7 onsaOuyyndALkyv1hGx8scSVBH2grReaSxCWmrjGKPx2INkLtAjRvbD9BZTYOKHV 2JLhNIdK5vclHiSYc4/VmXoIMK4b8bmugVOwJT0/DYI0hSnQBWFq9clmzRNblvzV dqqz+/vhJM7k/BJXEjD9ZkRO+eOCdsEdMIKeFg1BE2Yiz6pbhNo6AjigDH1eqfxN wI72WPtWMv6DNriR2mhp =6o+o -----END PGP SIGNATURE----- |