[arch-security] [Arch Linux Security Advisory ASA-201412-9] powerdns-recursor: denial of service
Arch Linux Security Advisory ASA-201412-9
=========================================

Severity: High
Date    : 2014-12-09
CVE-ID  : CVE-2014-8601
Package : powerdns-recursor
Type    : denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE-2014

Summary
=======

The package powerdns-recursor before version 3.6.2-1 is vulnerable to
remote denial of service.

Resolution
==========

Upgrade to 3.6.2-1.

# pacman -Syu "powerdns-recursor>=3.6.2-1"

The problem has been fixed upstream in version 3.6.2.

Workaround
==========

Only clients in allow-from are able to trigger the degraded service, so
this should be limited to your user base.

Description
===========

PowerDNS, while acting as a caching nameserver, can be negatively
impacted by sending queries for specially configured, hard to resolve
domain names. This is the same issue as the ones found in bind
(ASA-201412-7) and unbound (ASA-201412-8).

Impact
======

A remote attacker can trick unbound into consuming a lot of resources by
sending a specially crafted query.

References
==========

http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8601
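To apply the workaround above, it helps to know which allow-from entries reach beyond your own networks. The following is an added example, not part of the advisory or of PowerDNS: it parses a recursor.conf text and reports allow-from entries that are not inside loopback, RFC 1918, link-local or ULA space. The sample configuration, the function names and the choice of "internal" ranges are assumptions, and it assumes a plain `allow-from=` line where the last occurrence wins.

```python
import ipaddress

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """\
# recursor.conf (constructed example)
local-address=0.0.0.0
allow-from=127.0.0.0/8, 192.168.10.0/24, 0.0.0.0/0, 203.0.113.0/24, ::/0
"""

# Assumption: ranges treated as "your user base" for this audit.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


def parse_allow_from(conf_text):
    """Return the networks listed on the last allow-from= line."""
    nets = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() != "allow-from":
            continue
        # strict=False accepts entries with host bits set, e.g. 10.1.2.3/8
        nets = [ipaddress.ip_network(v.strip(), strict=False)
                for v in value.split(",") if v.strip()]
    return nets


def is_internal(net):
    """True if net lies entirely inside one of the INTERNAL ranges."""
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)


def audit_allow_from(conf_text):
    """Return (network, reason) for each entry wider than internal space."""
    findings = []
    for net in parse_allow_from(conf_text):
        if net.prefixlen == 0:
            findings.append((str(net), "open to every client"))
        elif not is_internal(net):
            findings.append((str(net), "outside internal ranges, confirm owner"))
    return findings


if __name__ == "__main__":
    for net, reason in audit_allow_from(SAMPLE_CONF):
        print(f"{net}: {reason}")
```

An empty result means every listed network is internal; it does not replace upgrading to 3.6.2-1, since internal clients can still trigger the issue.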
participants (1)
-
Remi Gacogne