It was found that NSD does not implement reasonable restrictions for zone sizes. This allows an explicitly configured primary DNS server for a zone to crash a secondary DNS server, affecting service of other zones hosted on the same secondary server. CVE request: http://seclists.org/oss-sec/2016/q3/19 Upstream bug: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790 Proposed patches: https://github.com/sischkg/xfer-limit/blob/master/nsd-4.1.10-xfer-limit-0.0.2.patch https://github.com/sischkg/xfer-limit/blob/master/nsd-4.1.10-xfer-limit-0.0.3.patch https://github.com/sischkg/xfer-limit/blob/master/nsd-4.1.5-xfer-limit-0.0.1.patch
Created nsd tracking bugs for this issue: Affects: fedora-all [bug 1353577] Affects: epel-all [bug 1353578]