Bug#872854: dnsdist: CVE-2016-7069 CVE-2017-7557

2017-08-22 Thread Christian Hofstaedtler
> CVE-2016-7069[0]:
> Crafted backend responses can cause a denial of service
> 
> CVE-2017-7557[1]:
> Alteration of ACLs via API authentication bypass

Source patches for 1.1.0 are available here:

https://downloads.powerdns.com/patches/2017-01/
https://downloads.powerdns.com/patches/2017-02/



Bug#872854: dnsdist: CVE-2016-7069 CVE-2017-7557

2017-08-21 Thread Salvatore Bonaccorso
Source: dnsdist
Version: 1.1.0-2
Severity: important
Tags: security patch upstream

Hi,

the following vulnerabilities were published for dnsdist, not filing
two bugs individually since 1.1.0 is common for all affected suites.

CVE-2016-7069[0]:
Crafted backend responses can cause a denial of service

CVE-2017-7557[1]:
Alteration of ACLs via API authentication bypass

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7069
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7069
[1] https://security-tracker.debian.org/tracker/CVE-2017-7557
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7557

Regards,
Salvatore