Arch Linux Security Advisory ASA-201509-3 ========================================= Severity: High Date : 2015-09-07 CVE-ID : CVE-2015-5230 Package : powerdns Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package powerdns before version 3.4.6-1 is vulnerable to a remote denial of service. Resolution ========== Upgrade to 3.4.6-1. # pacman -Syu "powerdns>=3.4.6-1" The problem has been fixed upstream in version 3.4.6. Workaround ========== A complete denial of service may be prevented by running the server inside a supervisor and setting distributor-threads to 1. The service may still be degraded though. Description =========== A bug was found in the PowerDNS Authoritative Server DNS packet parsing/generation code, which, when exploited, can cause individual threads (disabling service) or whole processes (allowing a supervisor to restart them) to crash with just one or a few query packets. Impact ====== A remote attacker can cause a denial of service by sending specially crafted DNS queries. References ========== https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/ https://access.redhat.com/security/cve/CVE-2015-5230