From 2a846ba0d8bc96902f165d288214f14225f66e24 Mon Sep 17 00:00:00 2001 From: Pieter Lexis Date: Fri, 28 Aug 2015 16:02:26 +0200 Subject: [PATCH] Add the security advisory for Auth 3.4.6 --- docs/markdown/changelog.md.raw | 3 ++ .../security/powerdns-advisory-2015-02.md | 30 +++++++++++++++++++ docs/mkdocs.yml | 1 + 3 files changed, 34 insertions(+) create mode 100644 docs/markdown/security/powerdns-advisory-2015-02.md diff --git a/docs/markdown/changelog.md.raw b/docs/markdown/changelog.md.raw index 1b2082ffd..8804d8a4a 100644 --- a/docs/markdown/changelog.md.raw +++ b/docs/markdown/changelog.md.raw @@ -3,6 +3,9 @@ # PowerDNS Authoritative Server 3.4.6 Released 28th of August 2015 +This is a security release fixing [Security Advisory +2015-02](security/powerdns-advisory-2015-02.md) + Bug fixes: - commits [c849701](https://github.com/PowerDNS/pdns/commit/c849701) and diff --git a/docs/markdown/security/powerdns-advisory-2015-02.md b/docs/markdown/security/powerdns-advisory-2015-02.md new file mode 100644 index 000000000..e3c38249f --- /dev/null +++ b/docs/markdown/security/powerdns-advisory-2015-02.md @@ -0,0 +1,30 @@ +## PowerDNS Security Advisory 2015-02: Packet parsing bug can cause thread or process abortion + +* CVE: CVE-2015-5230 +* Date: 2nd of September 2015 +* Credit: Pyry Hakulinen and Ashish Shakla at Automattic +* Affects: PowerDNS Authoritative Server 3.4.0 through 3.4.5 +* Not affected: PowerDNS Authoritative Server 3.4.6 +* Severity: High +* Impact: Degraded service or Denial of service +* Exploit: This problem can be triggered by sending specially crafted query packets +* Risk of system compromise: No +* Solution: Upgrade to a non-affected version +* Workaround: Run the Authoritative Server inside a supervisor when + `distributor-threads` is set to `1` to prevent Denial of Service. + No workaround for the degraded service exists + +A bug was found in our DNS packet parsing/generation code, which, when exploited, +can cause individual threads (disabling service) or whole processes (allowing a +supervisor to restart them) to crash with just one or a few query packets. + +PowerDNS Authoritative Server 3.4.0-3.4.5 are affected. No other versions are +affected. The PowerDNS Recursor is not affected. + +[PowerDNS Authoritative Server 3.4.6](../changelog.md#powerdns-authoritative-server-346) +contains a fix to this issue. A minimal patch is [available here](https://downloads.powerdns.com/patches/2015-02/). + +This issue is entirely unrelated to [Security Advisory 2015-01](powerdns-advisory-2015-01.md)/CVE-2015-1868. + +We'd like to thank Pyry Hakulinen and Ashish Shakla at Automattic for finding and +subsequently reporting this bug. diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index d00fbe87f..8655ff774 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -66,6 +66,7 @@ pages: - List of Settings: recursor/settings.md - Security: - Security Policy: security/index.md + - Advisory 2015-02: security/powerdns-advisory-2015-02.md - Advisory 2015-01: security/powerdns-advisory-2015-01.md - Advisory 2014-02: security/powerdns-advisory-2014-02.md - Advisory 2014-01: security/powerdns-advisory-2014-01.md -- 2.40.0