[3.5] pdns-recursor: Multiple vulnerabilities (CVE-2016-7068, CVE-2016-7073, CVE-2016-7074)
CVE-2016-7068: Crafted queries can cause abnormal CPU usage
Affects: PowerDNS Recursor up to and including 3.7.3, 4.0.3
Not affected: PowerDNS Recursor 3.7.4, 4.0.4
Reference:
https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/
Patches:
https://downloads.powerdns.com/patches/2016-02/
CVE-2016-7073, CVE-2016-7074: Insufficient validation of TSIG signatures
Affects: PowerDNS Recursor from 4.0.0 and up to and including
4.0.3
Not affected: PowerDNS Recursor < 4.0.0, 4.0.4
Reference:
https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/
Patches:
https://downloads.powerdns.com/patches/2016-04/
(from redmine: issue id 7045, created on 2017-03-21, closed on 2017-04-06)
- Changesets:
- Revision e98a3138 by Sergei Lukin on 2017-04-03T10:06:31Z:
community/pdns-recursor: security upgrade to 4.0.4 - fixes #7045
CVE-2016-7068: Crafted queries can cause abnormal CPU usage
CVE-2016-7073, CVE-2016-7074: Insufficient validation of TSIG signatures
https://doc.powerdns.com/md/changelog/#powerdns-recursor-404