granicus.if.org Git - pdns/commitdiff
Add the security advisory for Auth 3.4.6
author Pieter Lexis <pieter.lexis@powerdns.com>
Fri, 28 Aug 2015 14:02:26 +0000 (16:02 +0200)
committer Pieter Lexis <pieter.lexis@powerdns.com>
Wed, 2 Sep 2015 08:34:02 +0000 (10:34 +0200)
docs/markdown/changelog.md.raw
docs/markdown/security/powerdns-advisory-2015-02.md [new file with mode: 0644]
docs/mkdocs.yml

index 1b2082ffd75b68853c0934763b554b03bc61a2ac..8804d8a4a5c110d4a2921fe2c224c903485d393a 100644 (file)
@@ -3,6 +3,9 @@
 # PowerDNS Authoritative Server 3.4.6
 Released 28th of August 2015
 
+This is a security release fixing [Security Advisory
+2015-02](security/powerdns-advisory-2015-02.md)
+
 Bug fixes:
 
 - commits [c849701](https://github.com/PowerDNS/pdns/commit/c849701) and
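Review bot: The added sentence under the 3.4.6 heading has no terminating period, and it sits directly below "Released 28th of August 2015" while the advisory it links to is dated 2nd of September 2015. Suggest ending the sentence with a period and, if the advisory was published after the release, saying so in this entry so the two dates do not read as a mistake.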
diff --git a/docs/markdown/security/powerdns-advisory-2015-02.md b/docs/markdown/security/powerdns-advisory-2015-02.md
new file mode 100644 (file)
index 0000000..e3c3824
--- /dev/null
@@ -0,0 +1,30 @@
+## PowerDNS Security Advisory 2015-02: Packet parsing bug can cause thread or process abortion
+
+* CVE: CVE-2015-5230
+* Date: 2nd of September 2015
+* Credit: Pyry Hakulinen and Ashish Shakla at Automattic
+* Affects: PowerDNS Authoritative Server 3.4.0 through 3.4.5
+* Not affected: PowerDNS Authoritative Server 3.4.6
+* Severity: High
+* Impact: Degraded service or Denial of service
+* Exploit: This problem can be triggered by sending specially crafted query packets
+* Risk of system compromise: No
+* Solution: Upgrade to a non-affected version
+* Workaround: Run the Authoritative Server inside a supervisor when
+  `distributor-threads`  is set to `1` to prevent Denial of Service.
+  No workaround for the degraded service exists
+
+A bug was found in our DNS packet parsing/generation code, which, when exploited,
+can cause individual threads (disabling service) or whole processes (allowing a
+supervisor to restart them) to crash with just one or a few query packets.
+
+PowerDNS Authoritative Server 3.4.0-3.4.5 are affected. No other versions are
+affected. The PowerDNS Recursor is not affected.
+
+[PowerDNS Authoritative Server 3.4.6](../changelog.md#powerdns-authoritative-server-346)
+contains a fix to this issue. A minimal patch is [available here](https://downloads.powerdns.com/patches/2015-02/).
+
+This issue is entirely unrelated to [Security Advisory 2015-01](powerdns-advisory-2015-01.md)/CVE-2015-1868.
+
+We'd like to thank Pyry Hakulinen and Ashish Shakla at Automattic for finding and
+subsequently reporting this bug.
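Review bot: The "Not affected" bullet names only 3.4.6, while the body says "No other versions are affected", so a reader who scans just the bullets cannot tell whether releases before 3.4.0 were assessed; suggest wording the bullet to match the body text. In the Workaround bullet there is a double space after `distributor-threads`, and the text does not say why a supervisor helps only when the value is `1`; a short clause tying that setting to the whole-process crash mentioned in the first paragraph would make the workaround self-explanatory.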
index d00fbe87fb4ed731b39947f70ecb2fd29b5ecbb2..8655ff774cde12a170296876ec941af2efbc2507 100644 (file)
@@ -66,6 +66,7 @@ pages:
     - List of Settings: recursor/settings.md
   - Security:
     - Security Policy: security/index.md
+    - Advisory 2015-02: security/powerdns-advisory-2015-02.md
     - Advisory 2015-01: security/powerdns-advisory-2015-01.md
     - Advisory 2014-02: security/powerdns-advisory-2014-02.md
     - Advisory 2014-01: security/powerdns-advisory-2014-01.md