Fedora Linux: SECURITY-202112-15 Major Threat: Nginx HTTP DoS Issue
Dec 09, 2014 • 
LinuxSecurity Advisories 1 min read
The package powerdns-recursor before version 3.6.2-1 is vulnerable to remote denial of service.
Arch Linux Security Advisory ASA-201412-9 ======================================== Severity: High Date : 2014-12-09 CVE-ID : CVE-2014-8601 Package : powerdns-recursor Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/title/CVE-2014 Summary ====== The package powerdns-recursor before version 3.6.2-1 is vulnerable to remote denial of service. Resolution ========= Upgrade to 3.6.2-1. # pacman -Syu "powerdns-recursor>=3.6.2-1" The problem has been fixed upstream in version 3.6.2. Workaround ========= Only clients in allow-from are able to trigger the degraded service, so this should be limited to your user base. Description ========== PowerDNS, while acting as a caching nameserver, can be negatively impacted by sending queries for specially configured, hard to resolve domain names. This is the same issue as the ones found in bind (ASA-201412-7) and unbound (ASA-201412-8). Impact ===== A remote attacker can trick unbound into consuming a lot of resources by sending a specially crafted query. References ========= / https://www.cve.org/CVERecord?id=CVE-2014-8601
PREVIOUS 
NEXT Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!