drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in pdnsd
Name: |
Denial of Service in pdnsd |
|
ID: |
DSA-3763-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie |
|
Datum: |
Sa, 14. Januar 2017, 00:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068 |
|
Applikationen: |
PowerDNS Recursor |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3763-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 13, 2017 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : pdns-recursor CVE ID : CVE-2016-7068
Florian Heinz and Martin Kluge reported that pdns-recursor, a recursive DNS server, parses all records present in a query regardless of whether they are needed or even legitimate, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the pdns server, resulting in a partial denial of service if the system becomes overloaded.
For the stable distribution (jessie), this problem has been fixed in version 3.6.2-2+deb8u3.
We recommend that you upgrade your pdns-recursor packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlh4/0xfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SZyg/8D08qRtKNFJH3aF7jOL5jCMtNLNbw1OwJfED7QZX5G3ge9GfHXXNK6u8N WVkrQbubkfxks7gj8yUD2M1YyS7ktrk7kllYNgvrMmPaZWRzVbjMutu/RxpOE6iE /Asz6vKo4uZToXWyxVJZMrQ8oYanno0TK5xA548fpxlrwL39C9GqV3BKi7bHAcGR Xvx32YUR+cJe3xptvuQUvhKEwuNnstCaImapGUs6OrPSD3N0t6krCXui8mERo8zt pZOxUC9XCYsKT6EIfG1Ec1rnw22p5rWQDibCXNVR3maz7SWir32RpncnE2tjkYDi nFsLoT0kCDL+v/uEmAFHGmSYmnCCX3xyZj+C1001tQrk1KjpdDzm82rm0DPGtJEl zGfq2EYbjDvmM5KCxlE39ETDX+2cniYx+sjW8Aqc+pRcCSgehVmnddh11bPW5od2 p69hYLXwvzj3RwpuSEWecMzXOIv4ZzdmdGfJgu1Nlkr9ARk1LS8mu8rIAgk0Mp7e kcrMrynsVL5m01Ev9BjMzSTGLRTX7+3vwzMZUNNUjOGqKmugPXcI4wBOLFDqNRiq 9eQ0wpbMpKcaByGpRIIfF95LX5vVP49ukH8zl2acsPLSAEOcEGIP3Kmc6tJJS8RQ xDPge+7PBO4FW8Qe5XkqGLxyPDCIKH57yxnQFvYIFvc525ymZu0= =EBJS -----END PGP SIGNATURE-----
|
|
|
|