[ASA-201811-21] powerdns-recursor: denial of service
Arch Linux Security Advisory ASA-201811-21
==========================================

Severity: Medium
Date    : 2018-11-28
CVE-ID  : CVE-2018-16855
Package : powerdns-recursor
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-821

Summary
=======

The package powerdns-recursor before version 4.1.8-1 is vulnerable to
denial of service.

Resolution
==========

Upgrade to 4.1.8-1.

# pacman -Syu "powerdns-recursor>=4.1.8-1"

The problem has been fixed upstream in version 4.1.8.

Workaround
==========

None.

Description
===========

An issue has been found in PowerDNS Recursor versions from 4.1.0 up to
and including 4.1.7, where a remote attacker sending a DNS query can
trigger an out-of-bounds memory read while computing the hash of the
query for a packet cache lookup, possibly leading to a crash.

Impact
======

A remote attacker can cause a denial of service via a crafted query.

References
==========

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-201...
https://seclists.org/oss-sec/2018/q4/183
https://github.com/PowerDNS/pdns/commit/e412a949491886c13854587bbd06fa90ceb3...
https://security.archlinux.org/CVE-2018-16855
Remi Gacogne
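
Added example (not part of the advisory or of PowerDNS): a shell check that classifies a powerdns-recursor package version against the 4.1.0 to 4.1.7 range from the Description and the 4.1.8 fix from the Resolution. The function names are hypothetical, and it assumes `sort -V` from GNU coreutils is available.

```shell
#!/bin/sh
# Classify a powerdns-recursor version against ASA-201811-21 (CVE-2018-16855).
# Assumption: `sort -V` (GNU coreutils version sort) is available.

# ver_le A B: succeed when version A <= version B.
ver_le() {
    [ "$1" = "$2" ] && return 0
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# upstream_version PKGVER: drop an optional epoch ("1:") and the pkgrel ("-1").
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%%-*}"
}

# classify_recursor PKGVER: print fixed | affected | below-4.1.0 | unknown.
# "below-4.1.0" is outside the range given in the Description; the Arch
# summary still flags every package before 4.1.8-1, so upgrade regardless.
classify_recursor() {
    up=$(upstream_version "$1")
    case $up in
        ''|*[!0-9.]*)
            # Pre-release or otherwise non-numeric versions are not ordered here.
            echo "unknown"
            return 0 ;;
    esac
    if ver_le 4.1.8 "$up"; then
        echo "fixed"
    elif ver_le 4.1.0 "$up"; then
        echo "affected"
    else
        echo "below-4.1.0"
    fi
}

# On an Arch host, report the status of the installed package, if any.
if command -v pacman >/dev/null 2>&1; then
    installed=$(pacman -Q powerdns-recursor 2>/dev/null | awk '{print $2}')
    if [ -n "$installed" ]; then
        echo "powerdns-recursor $installed: $(classify_recursor "$installed")"
    fi
fi
```

Any result other than "fixed" calls for the upgrade command given in the Resolution section.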