-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : pdns-recursor Version : 3.3-3+deb7u2 CVE ID : CVE-2016-9139
Florian Heinz and Martin Kluge reported that pdns-recursor, a recursive DNS server, parses all records present in a query regardless of whether they are needed or even legitimate, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the pdns server, resulting in a partial denial of service if the system becomes overloaded. For Debian 7 "Wheezy", these problems have been fixed in version 3.3-3+deb7u2. We recommend that you upgrade your pdns-recursor packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -- Jonas Meurer -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAlh9SP0QHG1lam9AZGVi aWFuLm9yZwAKCRBSYuf/SRBJ/sPAD/9/zBq4yniwSJ/xeqdhfzM+dJ2FvLvSyTd2 8qeT7m/W5kDDQ1+3MpKiSGbcuYlCarlecsIRSPaFRjxG13nTGMrhDHsXmmmdLHQ+ lOQNNRjQH4daZ+1Ch4HMTP25lxaNEggSwl47oSbj5cCqbdSf8MiWhZDu0xdsZ6ql IWzW3sCEwPHmzRlOwGvtyyyVApnWEt1r7OBtpF6DOf39CCYIPksVxjPZOsb7K5gc q8b5v8LWNvZW0XCXznmaSbGBLuzxVaB99X1EhEQvjaC/5sjNU9bRwlqZcesPriKg 88iOx/HQftjrAXgnTMtSktVVhCuBX4iEPk/r4wqFZq9/h6+t8Jx12/LITK/1xbX8 NOCkaPh0BnRNR0UVL0YGP1Munfym1NFOon/2VwYxOufsupWviFDwWTFhptMM4ojd GcAVM5+5j8AHOIm6MKl+AmSn60MDfhMTHCzJxNDNjUg6QhgPfaPTQBkxFYMtZwAX cIIvyshhOnTrv6hQHEfEGSM2sP9p9M1sjcVs6CRe47IHY2ZuJ1nrZX/4MzJvlTo6 bx/9XgU+feP0Ujk5u1qhX8jvDuth0z81Yeh+sJuZbZICERG5nA/URLYmiDfjMjRq ehbdXfmGDbjXjZtmWtVv6mm/9WhPiDpLpHztRKcpRIiD+O0gvYPWhOXxaV4S82kU JjmfL0nFSA== =n+s9 -----END PGP SIGNATURE-----
