Format: 1.8
Date: Fri, 13 Jan 2017 15:20:50 -0500
Source: pdns-recursor
Binary: pdns-recursor pdns-recursor-dbg
Architecture: i386
Version: 3.5.3-1ubuntu0.1
Distribution: trusty
Urgency: high
Maintainer: Launchpad Build Daemon
Changed-By: Scott Kitterman
Description:
 pdns-recursor - PowerDNS recursor
 pdns-recursor-dbg - debugging symbols for PowerDNS recursor
Changes:
 pdns-recursor (3.5.3-1ubuntu0.1) trusty-security; urgency=high
 .
   * SECURITY UPDATE:
   * References
   * CVE-2014-8601: PowerDNS Recursor before 3.6.2 does not limit delegation
     chaining, which allows remote attackers to cause a denial of service
     ("performance degradations") via a large or infinite number of
     referrals, as demonstrated by resolving domains hosted by ezdns.it.
     - Added debian/patches/CVE-2014-8601.patch
   * CVE-2015-1868: The label decompression functionality in PowerDNS
     Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and
     Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before
     3.4.4 allows remote attackers to cause a denial of service (CPU
     consumption or crash) via a request with a name that refers to itself.
     - Added debian/patches/CVE-2015-1868.patch
   * CVE-2015-5470: The label decompression functionality in PowerDNS
     Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth)
     Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to
     cause a denial of service (CPU consumption or crash) via a request with
     a long name that refers to itself. NOTE: this vulnerability exists
     because of an incomplete fix for CVE-2015-1868.
     - Added debian/patches/CVE-2015-1868-2.patch
   * CVE-2016-7068: Florian Heinz and Martin Kluge reported that
     pdns-recursor parses all records present in a query regardless of
     whether they are needed or even legitimate, allowing a remote,
     unauthenticated attacker to cause an abnormal CPU usage load on the
     pdns server, resulting in a partial denial of service if the system
     becomes overloaded.
     - Added debian/patches/CVE-2016-7068.patch
   * Add debian/patches/qtypes.patch so qtypes required for
     CVE-2016-7068.patch are available
Checksums-Sha1:
 c0007dca8646fe4c192740dbdd3dfa8eccc6f750 463680 pdns-recursor_3.5.3-1ubuntu0.1_i386.deb
 c1f6695d2f22c2aea66175b77b42c5592fad67b1 5247742 pdns-recursor-dbg_3.5.3-1ubuntu0.1_i386.deb
 785528ad04dda21bd551d219fa8186024f202654 984 pdns-recursor-dbgsym_3.5.3-1ubuntu0.1_i386.ddeb
Checksums-Sha256:
 5b5e3876647ae11990f109860e1e2aa2a08862f3afc24aa56a76912bfcd64bd3 463680 pdns-recursor_3.5.3-1ubuntu0.1_i386.deb
 2bf308e0b1439252296dbaff0194eabe49f7b28fec15be787c7179881db87a6d 5247742 pdns-recursor-dbg_3.5.3-1ubuntu0.1_i386.deb
 2dec8d2f8ad52873f93ddad17bc2737a1753c8882db77fe48ddc66fae62ebae7 984 pdns-recursor-dbgsym_3.5.3-1ubuntu0.1_i386.ddeb
Files:
 9aead7cb34fb175918fa59a24cb83f47 463680 net extra pdns-recursor_3.5.3-1ubuntu0.1_i386.deb
 3f512f04138f712a3c4d1aebea3dd9fc 5247742 debug extra pdns-recursor-dbg_3.5.3-1ubuntu0.1_i386.deb
 2c7feefeda954eb29067f15c9b1a3f21 984 net extra pdns-recursor-dbgsym_3.5.3-1ubuntu0.1_i386.ddeb
Original-Maintainer: Debian PowerDNS Maintainers