Format: 1.8
Date: Fri, 13 Jan 2017 15:20:50 -0500
Source: pdns-recursor
Binary: pdns-recursor pdns-recursor-dbg
Architecture: amd64
Version: 3.5.3-1ubuntu0.1
Distribution: trusty
Urgency: high
Maintainer: Launchpad Build Daemon
Changed-By: Scott Kitterman
Description:
 pdns-recursor - PowerDNS recursor
 pdns-recursor-dbg - debugging symbols for PowerDNS recursor
Changes:
 pdns-recursor (3.5.3-1ubuntu0.1) trusty-security; urgency=high
 .
   * SECURITY UPDATE:
   * References
   * CVE-2014-8601: PowerDNS Recursor before 3.6.2 does not limit delegation
     chaining, which allows remote attackers to cause a denial of service
     ("performance degradations") via a large or infinite number of
     referrals, as demonstrated by resolving domains hosted by ezdns.it.
     - Added debian/patches/CVE-2014-8601.patch
   * CVE-2015-1868: The label decompression functionality in PowerDNS
     Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and
     Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before
     3.4.4 allows remote attackers to cause a denial of service (CPU
     consumption or crash) via a request with a name that refers to itself.
     - Added debian/patches/CVE-2015-1868.patch
   * CVE-2015-5470: The label decompression functionality in PowerDNS
     Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth)
     Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to
     cause a denial of service (CPU consumption or crash) via a request with
     a long name that refers to itself. NOTE: this vulnerability exists
     because of an incomplete fix for CVE-2015-1868.
     - Added debian/patches/CVE-2015-1868-2.patch
   * CVE-2016-7068: Florian Heinz and Martin Kluge reported that
     pdns-recursor parses all records present in a query regardless of
     whether they are needed or even legitimate, allowing a remote,
     unauthenticated attacker to cause an abnormal CPU usage load on the
     pdns server, resulting in a partial denial of service if the system
     becomes overloaded.
     - Added debian/patches/CVE-2016-7068.patch
   * Add debian/patches/qtypes.patch so qtypes required for
     CVE-2016-7068.patch are available
Checksums-Sha1:
 05de91f3b76abcbff6013466220b52490da02a68 463854 pdns-recursor_3.5.3-1ubuntu0.1_amd64.deb
 0c4ed281c7ee55a217fadebef08cdbf9e6ffa93d 5463952 pdns-recursor-dbg_3.5.3-1ubuntu0.1_amd64.deb
 e5f5fd6007f866e4da0f0f1880a78d538dbfa61d 984 pdns-recursor-dbgsym_3.5.3-1ubuntu0.1_amd64.ddeb
Checksums-Sha256:
 d0cfcf85116b2935b514178314ced26b203eeaa972948f462c1cc130122f128c 463854 pdns-recursor_3.5.3-1ubuntu0.1_amd64.deb
 5f40c4feedd4f849568c775c8a37a209494b8f210e672e4d406195e2df7733d2 5463952 pdns-recursor-dbg_3.5.3-1ubuntu0.1_amd64.deb
 c22b982ee28461f743ffa6588a5fc4b8c8190bc66aa2f60fb93da37d9aaa2c46 984 pdns-recursor-dbgsym_3.5.3-1ubuntu0.1_amd64.ddeb
Files:
 52771662282c8d94b413e2bac43e3cea 463854 net extra pdns-recursor_3.5.3-1ubuntu0.1_amd64.deb
 edbc7698c7b1f5514f53c02b03869c50 5463952 debug extra pdns-recursor-dbg_3.5.3-1ubuntu0.1_amd64.deb
 db63a156405a53a901c2eeb0fb123b99 984 net extra pdns-recursor-dbgsym_3.5.3-1ubuntu0.1_amd64.ddeb
Original-Maintainer: Debian PowerDNS Maintainers