Updated pdns-recursor packages fix CVE-2014-8601
Publication date: 10 Dec 2014Modification date: 10 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8601
Description
Updated pdns-recursor package fixes security vulnerability:
PowerDNS Recursor before version 3.6.2, could be negatively impacted by
specially configured, hard to resolve domain names. A remote attacker, by
sending a query for such a domain name, could cause severe performance
degradation in PowerDNS Recursor, causing a denial of service (CVE-2014-8601).
The pdns-recursor package has been updated to version 3.6.2, fixing this issue
and several other bugs, as well as providing additional features.
References
- https://bugs.mageia.org/show_bug.cgi?id=14695
- http://blog.powerdns.com/2014/06/20/recursor-3-6-0-released/
- http://blog.powerdns.com/2014/09/10/security-update-powerdns-recursor-3-6-1/
- http://blog.powerdns.com/2014/10/30/recursor-3-6-2/
- http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8601
SRPMS
4/core
- pdns-recursor-3.6.2-1.1.mga4