Source: pdns-recursor
Version: 4.8.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

The following vulnerability was published for pdns-recursor.

CVE-2023-26437:
| Deterred spoofing attempts can lead to authoritative servers being
| marked unavailable.
| When the recursor detects and deters a spoofing attempt or receives
| certain malformed DNS packets, it throttles the server that was the
| target of the impersonation attempt so that other authoritative servers
| for the same zone will be more likely to be used in the future, in case
| the attacker controls the path to one server only. Unfortunately this
| mechanism can be used by an attacker with the ability to send queries to
| the recursor, guess the correct source port of the corresponding
| outgoing query and inject packets with a spoofed IP address to force the
| recursor to mark specific authoritative servers as not available,
| leading to a denial of service for the zones served by those servers.

Additional information:
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html

Chris

PS: unclear to me if 4.4.x in stable is also affected.
