[3.5] pdns: Multiple vulnerabilities (CVE-2016-2120, CVE-2016-7068, CVE-2016-7072, CVE-2016-7073, CVE-2016-7074)
CVE-2016-2120: Crafted zone record can cause a denial of service
Affects: PowerDNS Authoritative Server up to and including 3.4.10,
4.0.1
Not affected: PowerDNS Authoritative Server 3.4.11, 4.0.2
Reference:
https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/
Patches:
https://downloads.powerdns.com/patches/2016-05/
CVE-2016-7068: Crafted queries can cause abnormal CPU usage
Affects: PowerDNS Authoritative Server up to and including 3.4.10,
4.0.1
Not affected: PowerDNS Authoritative Server 3.4.11, 4.0.2
Reference:
https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/
Patches:
https://downloads.powerdns.com/patches/2016-02/
CVE-2016-7072: Denial of service via the web server
Affects: PowerDNS Authoritative Server up to and including 3.4.10,
4.0.1
Not affected: PowerDNS Authoritative Server 3.4.11, 4.0.2
Reference:
https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/
Patches:
https://downloads.powerdns.com/patches/2016-03/
CVE-2016-7073, CVE-2016-7074: Insufficient validation of TSIG signatures
Affects: PowerDNS Authoritative Server up to and including 3.4.10,
4.0.1
Not affected: PowerDNS Authoritative Server 3.4.11, 4.0.2
Reference:
https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/
Patches:
https://downloads.powerdns.com/patches/2016-04/
(from redmine: issue id 7044, created on 2017-03-21, closed on 2017-04-06)
- Changesets:
- Revision 3a479b10 by Sergei Lukin on 2017-04-03T12:33:49Z:
community/pdns: security upgrade to 4.0.3 - fixes #7044
CVE-2016-2120: Crafted zone record can cause a denial of service
CVE-2016-7068: Crafted queries can cause abnormal CPU usage
CVE-2016-7072: Denial of service via the web server
CVE-2016-7073, CVE-2016-7074: Insufficient validation of TSIG signatures