Package        : pdns
Version        : 3.1-4.1+deb7u2
CVE ID         : CVE-2016-5426 CVE-2016-5427 CVE-2016-6172
Debian Bug     : 830808

Multiple vulnerabilities have been discovered in pdns, an authoritative
DNS server. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2016-5426 / CVE-2016-5427

    Florian Heinz and Martin Kluge reported that the PowerDNS
    Authoritative Server accepts queries with a qname length larger
    than 255 bytes and does not properly handle dots inside labels. A
    remote, unauthenticated attacker can take advantage of these flaws
    to cause abnormal load on the PowerDNS backend by sending specially
    crafted DNS queries, potentially leading to a denial of service.

CVE-2016-6172

    It was reported that a malicious primary DNS server can crash a
    secondary PowerDNS server due to improper restriction of zone size
    limits. This update adds a feature to limit AXFR sizes in response
    to this flaw.

For Debian 7 "Wheezy", these problems have been fixed in version
3.1-4.1+deb7u2.

We recommend that you upgrade your pdns packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-- 
Jonas Meurer
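
The two input checks behind CVE-2016-5426 / CVE-2016-5427, as an added example that is not PowerDNS or Debian code: a strict parser for an uncompressed wire-format query name that enforces the RFC 1035 limits (255 octets per name, 63 per label) and escapes dots inside labels when rendering the name as text. Function names and sample names are constructed for illustration.

```python
MAX_NAME = 255   # RFC 1035: whole name on the wire, length octets included
MAX_LABEL = 63   # RFC 1035: one label


def build_wire(labels):
    """Encode labels as an uncompressed wire-format name (for the samples)."""
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def parse_qname(wire, offset=0):
    """Return the labels of an uncompressed name, or raise ValueError."""
    labels, pos = [], offset
    while True:
        if pos >= len(wire):
            raise ValueError("truncated name")
        length = wire[pos]
        if length > MAX_LABEL:
            # Oversized label, compression pointer or reserved label type.
            raise ValueError("label length octet %d not accepted" % length)
        end = pos + 1 + length
        if end - offset > MAX_NAME:
            raise ValueError("name longer than %d octets" % MAX_NAME)
        if length == 0:          # root label terminates the name
            return labels
        if end > len(wire):
            raise ValueError("truncated label")
        labels.append(wire[pos + 1:end])
        pos = end


def to_presentation(labels):
    """Render labels as text, escaping '.' and '\\' so a dot inside a
    label cannot be mistaken for a label separator."""
    parts = []
    for label in labels:
        text = ""
        for b in label:
            if b in (0x2E, 0x5C):            # '.' or '\'
                text += "\\" + chr(b)
            elif 0x21 <= b <= 0x7E:          # printable ASCII
                text += chr(b)
            else:
                text += "\\%03d" % b         # decimal escape
        parts.append(text)
    return ".".join(parts) + "."


if __name__ == "__main__":
    sample = build_wire([b"a.b", b"example", b"com"])   # constructed sample
    print(to_presentation(parse_qname(sample)))
```

Joining the raw labels with "." would turn the three-label sample into what looks like a four-label name, which is the ambiguity the escaping prevents.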