Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201511-6 ======================================== Severity: Medium Date : 2015-11-12 CVE-ID : CVE-2015-5311 Package : powerdns Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package powerdns before version 3.4.7-1 is vulnerable to denial of service. Resolution ========= Upgrade to 3.4.7-1. # pacman -Syu "powerdns>=3.4.7-1" The problems have been fixed upstream in version 3.4.7. Workaround ========= When the PowerDNS Authoritative Server is run inside the guardian (--guardian), or inside a supervisor like supervisord or systemd, it will be automatically restarted, limiting the impact to a somewhat degraded service. Description ========== This bug was found using afl-fuzz in the packet parsing code. This bug, when exploited, causes an assertion error and consequent termination of the the pdns_server process, causing a denial-of-service. Impact ===== A remote attacker is able to send specially crafted query packets to crash the powerdns server process, causing a denial-of-service. References ========= https://access.redhat.com/security/cve/CVE-2015-5311 / https://bugs.archlinux.org/task/47014