DebianDEBIAN:DLA-627-1:8B995[SECURITY] [DLA 627-1] pdns security update
7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.9 High
AI Score
Confidence
High
0.797 High
EPSS
Percentile
98.3%
Package : pdns
Version : 3.1-4.1+deb7u2
CVE ID : CVE-2016-5426 CVE-2016-5427 CVE-2016-6172
Debian Bug : 830808
Multiple vulnerabilities have been discovered in pdns, an authoritative
DNS server. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2016-5426 / CVE-2016-5427
Florian Heinz and Martin Kluge reported that the PowerDNS
Authoritative Server accepts queries with a qname's length larger
than 255 bytes and does not properly handle dot inside labels. A
remote, unauthenticated attacker can take advantage of these flaws
to cause abnormal load on the PowerDNS backend by sending specially
crafted DNS queries, potentially leading to a denial of service.
CVE-2016-6172
It was reported that a malicious primary DNS server can crash a
secondary PowerDNS server due to improper restriction of zone size
limits. This update adds a feature to limit AXFR sizes in response
to this flaw.
For Debian 7 "Wheezy", these problems have been fixed in version
3.1-4.1+deb7u2.
We recommend that you upgrade your pdns packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Jonas Meurer
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 8 | kfreebsd-amd64 | pdns-server-dbg | < 3.4.1-4+deb8u6 | pdns-server-dbg_3.4.1-4+deb8u6_kfreebsd-amd64.deb |
| Debian | 8 | arm64 | pdns-backend-mydns | < 3.4.1-4+deb8u6 | pdns-backend-mydns_3.4.1-4+deb8u6_arm64.deb |
| Debian | 8 | i386 | pdns-backend-lmdb | < 3.4.1-4+deb8u6 | pdns-backend-lmdb_3.4.1-4+deb8u6_i386.deb |
| Debian | 8 | i386 | pdns-backend-remote | < 3.4.1-4+deb8u6 | pdns-backend-remote_3.4.1-4+deb8u6_i386.deb |
| Debian | 7 | armhf | pdns-backend-sqlite | < 3.1-4.1+deb7u2 | pdns-backend-sqlite_3.1-4.1+deb7u2_armhf.deb |
| Debian | 8 | mipsel | pdns-backend-mydns | < 3.4.1-4+deb8u6 | pdns-backend-mydns_3.4.1-4+deb8u6_mipsel.deb |
| Debian | 8 | kfreebsd-i386 | pdns-backend-lmdb | < 3.4.1-4+deb8u6 | pdns-backend-lmdb_3.4.1-4+deb8u6_kfreebsd-i386.deb |
| Debian | 8 | kfreebsd-i386 | pdns-backend-lua | < 3.4.1-4+deb8u6 | pdns-backend-lua_3.4.1-4+deb8u6_kfreebsd-i386.deb |
| Debian | 8 | ppc64el | pdns-backend-mysql | < 3.4.1-4+deb8u6 | pdns-backend-mysql_3.4.1-4+deb8u6_ppc64el.deb |
| Debian | 7 | armhf | pdns-server-dbg | < 3.1-4.1+deb7u2 | pdns-server-dbg_3.1-4.1+deb7u2_armhf.deb |
Related
7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.9 High
AI Score
Confidence
High
0.797 High
EPSS
Percentile
98.3%