Bug 1257229 - (CVE-2015-5230) CVE-2015-5230 pdns: denial of service due to memory leak in exception handling routines
CVE-2015-5230 pdns: denial of service due to memory leak in exception handlin...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20150902,repor...
: Security
Depends On: 1259603
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-26 10:37 EDT by Vasyl Kaigorodov
Modified: 2016-03-04 07:48 EST (History)
1 user (show)

See Also:
Fixed In Version: PowerDNS 3.4.6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vasyl Kaigorodov 2015-08-26 10:37:48 EDT
Upstream reports a bug in PowerDNS DNS packet parsing/generation code,
which, when exploited, can cause a crash of individual threads (disabling service)
or crash of whole processes (allowing a supervisor to restart them) with
just one or a few query packets.

PowerDNS Authoritative Server 3.4.0-3.4.5 are affected. No other
versions are affected. The PowerDNS Recursor is not affected.

Upstream patches:
https://github.com/PowerDNS/pdns/commit/c849701f7be442b21db69366d00cd92b64d660cd
https://github.com/PowerDNS/pdns/commit/8c91e2ccd0c775405b3c3dc0cb576106924ae364
Comment 1 Martin Prpič 2015-09-03 03:16:06 EDT
Public via:

http://seclists.org/oss-sec/2015/q3/476
Comment 2 Martin Prpič 2015-09-03 03:16:34 EDT
Created pdns tracking bugs for this issue:

Affects: fedora-all [bug 1259603]
Comment 3 Martin Prpič 2015-09-03 03:17:09 EDT
Patches from the advisory:

https://downloads.powerdns.com/patches/2015-02/
Comment 4 Fedora Update System 2015-09-26 13:34:28 EDT
pdns-3.4.6-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2015-09-26 23:23:04 EDT
pdns-3.4.6-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2015-09-27 14:22:08 EDT
pdns-3.4.6-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.