ArchLinux: 201509-3: powerdns: denial of service
Summary
A bug was found in the PowerDNS Authoritative Server DNS packet parsing/generation code, which, when exploited, can cause individual threads (disabling service) or whole processes (allowing a supervisor to restart them) to crash with just one or a few query packets.
Resolution
Upgrade to 3.4.6-1.
# pacman -Syu "powerdns>=3.4.6-1"
The problem has been fixed upstream in version 3.4.6.
References
https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/
https://access.redhat.com/security/cve/CVE-2015-5230
Workaround
A complete denial of service may be prevented by running the server inside a supervisor and setting distributor-threads to 1. The service may still be degraded though.
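The script below is an added example, not part of the original advisory. It classifies a host against the resolution and workaround above. The function names, the config path in the usage comment, the "last assignment wins" parsing rule and the default of 3 threads are assumptions. It does not check whether a supervisor is in place.

```shell
#!/bin/sh
# Added example: classify a host against this advisory.
FIXED="3.4.6-1"   # fixed package version, taken from the advisory

# Return 0 if package version $1 is at or above the fixed version.
pdns_is_fixed() {
    if command -v vercmp >/dev/null 2>&1; then
        # vercmp ships with pacman and prints -1, 0 or 1
        [ "$(vercmp "$1" "$FIXED")" -ge 0 ]
    else
        # Fallback without pacman: GNU sort -V (does not understand epochs)
        [ "$(printf '%s\n' "$FIXED" "$1" | sort -V | head -n 1)" = "$FIXED" ]
    fi
}

# Print the effective distributor-threads value from config file $1.
# Assumptions: key=value lines, '#' comments, the last assignment wins,
# and 3 is used when the key is absent (assumed upstream default).
pdns_distributor_threads() {
    awk -F= '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "distributor-threads" {
            val = $2; sub(/#.*/, "", val); gsub(/[ \t\r]/, "", val)
        }
        END { print (val == "" ? 3 : val) }
    ' "$1"
}

# Print one of: fixed | workaround | vulnerable
# $1 = installed package version, $2 = path to pdns.conf
pdns_advisory_status() {
    if pdns_is_fixed "$1"; then
        echo fixed
    elif [ "$(pdns_distributor_threads "$2")" = "1" ]; then
        echo workaround    # setting present; a supervisor is still required
    else
        echo vulnerable
    fi
}

# Live use on Arch (config path is an assumption, adjust as needed):
#   pdns_advisory_status "$(pacman -Q powerdns | awk '{print $2}')" \
#       /etc/powerdns/pdns.conf
```

A result of "workaround" only confirms the distributor-threads setting. Upgrading remains the resolution.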