Description of problem: From http://mailman.powerdns.com/pipermail/pdns-announce/2012-January/000151.html: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear PowerDNS users, Tomorrow (Tuesday the 10th of January) at 9AM eastern time, 15:00 Central European Time, we will be releasing an important PowerDNS Security Advisory. This Advisory contains details of a Denial of Service issue within all currently used versions of the PowerDNS Authoritative Server. We will be releasing: * A configuration based workaround, which might have a performance penalty * An iptables based workaround * Versions 2.9.22.5 and 3.0.1 of the Authoritative Server As source code Packages (static 32 bit and 64 bit for Debian and RPM based Linux distributions) * A one-line patch that solves the issue for source based users * Complete details of the problem The denial of service attack is temporary in nature, but can be performed using limited resources. There is no risk of a system compromise because of this attack. This pre-announcement is made to allow operators to schedule a maintenance window to possibly upgrade or modify their systems. If you anticipate requiring help upgrading your affected systems, please contact powerdns.support at netherlabs.nl. Some more details: CVE: CVE-2012-0206 Date: 10th of January 2012 Affects: Most PowerDNS Authoritative Server versions < 3.0.1 (with the exception of 2.9.22.5) Not affected: No versions of the PowerDNS Recursor ('pdns_recursor') are affected. Severity: High Impact: Temporary denial of service Exploit: Proof of concept Risk of system compromise: No Solution: Upgrade to PowerDNS Recursor 2.9.22.5 or 3.0.1 Workaround: Several Kind regards, Bert Hubert Netherlabs - -- PowerDNS Website: http://www.powerdns.com/ PowerDNS Community Website: http://wiki.powerdns.com/ PowerDNS Support & Development is provided by Netherlabs Computer Consulting -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk8Kls4ACgkQHF7pkNLnFXXdNwCgiWBvUnrlFbwkVDD30q691noQ qzMAn3cuNd/ErnTqudniE8M/fFYmW56Y =wRvu -----END PGP SIGNATURE-----
*** This bug has been marked as a duplicate of bug 772570 ***
pdns-2.9.22.5-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/pdns-2.9.22.5-1.fc15
pdns-3.0.1-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/pdns-3.0.1-1.fc16
Package pdns-3.0.1-1.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing pdns-3.0.1-1.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-0263/pdns-3.0.1-1.fc16 then log in and leave karma (feedback).
pdns-3.0.1-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
pdns-2.9.22.6-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/pdns-2.9.22.6-1.fc15
pdns-2.9.22.6-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.