Debian 8: DLA-1843-1 Moderate: Pdns Denial Of Service Risk
debian lts
July 3, 2019
Two vulnerabilities have been discovered in pdns, an authoritative DNS server which may result in denial of service via malformed zone records and excessive NOTIFY packets in a mas...
Summary
CVE-2019-10162
An issue has been found in PowerDNS Authoritative Server allowing
an authorized user to cause the server to exit by inserting a
crafted record in a MASTER type zone under their control. The issue
is due to the fact that the Authoritative Server will exit when it
runs into a parsing error while looking up the NS/A/AAAA records it
is about to use for an outgoing notify.
CVE-2019-10163
An issue has been found in PowerDNS Authoritative Server allowing
a remote, authorized master server to cause a high CPU load or even
prevent any further updates to any slave zone by sending a large
number of NOTIFY messages. Note that only servers configured as
slaves are affected by this issue.
For Debian 8 "Jessie", these problems have been fixed in version
3.4.1-4+deb8u10.
We recommend that you upgrade your pdns packages.
For the detailed security status of pdns please refer to
its security tracker page at:
PREVIOUS 
NEXT Package: pdns
Version: 3.4.1-4+deb8u10
CVE ID: CVE-2019-10162 CVE-2019-10163
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!