Arch Linux Security Advisory ASA-201511-6 ========================================= Severity: Medium Date : 2015-11-12 CVE-ID : CVE-2015-5311 Package : powerdns Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package powerdns before version 3.4.7-1 is vulnerable to denial of service. Resolution ========== Upgrade to 3.4.7-1. # pacman -Syu "powerdns>=3.4.7-1" The problems have been fixed upstream in version 3.4.7. Workaround ========== When the PowerDNS Authoritative Server is run inside the guardian (--guardian), or inside a supervisor like supervisord or systemd, it will be automatically restarted, limiting the impact to a somewhat degraded service. Description =========== This bug was found using afl-fuzz in the packet parsing code. This bug, when exploited, causes an assertion error and consequent termination of the the pdns_server process, causing a denial-of-service. Impact ====== A remote attacker is able to send specially crafted query packets to crash the powerdns server process, causing a denial-of-service. References ========== https://access.redhat.com/security/cve/CVE-2015-5311 https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/ https://bugs.archlinux.org/task/47014