FS#44708 - [powerdns][powerdns-recursor][CVE-2015-1868] Label decompression bug can cause crashes

Attached to Project: Community Packages
Opened by Christian Rebischke (Shibumi) - Thursday, 23 April 2015, 20:05 GMT
Last edited by Alexander F. Rødseth (xyproto) - Friday, 24 April 2015, 08:59 GMT
Task Type: Bug Report
Category: Packages
Status: Closed
Assigned To: No-one
Architecture: All
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 1
Private: No

Details

Description:

A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. This loop is capped at 1000 iterations by a failsafe, making the issue harmless on most platforms. As for workarounds, only clients in allow-from are able to trigger the degraded service, so this should be limited to your userbase; further, we recommend running your critical services under supervision such as systemd, supervisord, daemontools, etc.[0]

Resolution:
patch for powerdns [1]
patch for powerdns-recursor [2]

Resources:
[0] https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
[1] https://downloads.powerdns.com/patches/2015-01/others.patch
[2] https://downloads.powerdns.com/patches/2015-01/rec-3.7.1.patch
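
The self-referencing names described above are rejected outright by a decoder that only accepts compression pointers that move strictly backwards. The following is an added example, not PowerDNS code and not the upstream patch; decodeName, sampleMessage and the sample bytes are hypothetical and constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical helper: decode the (possibly compressed) name at offset `pos`.
// Returns false on malformed input instead of looping or reading out of bounds.
bool decodeName(const std::vector<uint8_t>& msg, size_t pos, std::string& out)
{
    out.clear();
    size_t limit = pos;   // a pointer must target an offset strictly below this
    size_t wireLen = 0;   // RFC 1035: an expanded name is at most 255 octets
    for (;;) {
        if (pos >= msg.size()) return false;
        uint8_t len = msg[pos];
        if ((len & 0xC0) == 0xC0) {                  // compression pointer
            if (pos + 1 >= msg.size()) return false;
            size_t target = ((len & 0x3F) << 8) | msg[pos + 1];
            if (target >= limit) return false;       // self or forward reference
            pos = limit = target;                    // next jump must go further back
            continue;
        }
        if (len & 0xC0) return false;                // reserved label types
        if (len == 0) {                              // root label ends the name
            if (out.empty()) out = ".";
            return true;
        }
        wireLen += 1 + len;                          // 254 + root octet = 255
        if (wireLen > 254 || pos + 1 + len > msg.size()) return false;
        out.append(reinterpret_cast<const char*>(&msg[pos + 1]), len);
        out.push_back('.');
        pos += 1 + len;
    }
}

// Constructed sample: 12-byte header, "example.com" at offset 12,
// "www" + pointer to 12 at offset 25, and a pointer to itself at offset 31.
std::vector<uint8_t> sampleMessage()
{
    std::vector<uint8_t> m(12, 0);
    const uint8_t body[] = {7,'e','x','a','m','p','l','e',3,'c','o','m',0,
                            3,'w','w','w',0xC0,12, 0xC0,31};
    m.insert(m.end(), body, body + sizeof body);
    return m;
}

int main()
{
    std::vector<uint8_t> m = sampleMessage();
    std::string name;
    std::cout << decodeName(m, 25, name) << " " << name << "\n";
    std::cout << decodeName(m, 31, name) << "\n";
}
```

Because every accepted pointer lowers the bound for the next one and label data is capped at 255 octets, the loop terminates without needing an iteration-count failsafe.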
Closed by Alexander F. Rødseth (xyproto)
Friday, 24 April 2015, 08:59 GMT
Reason for closing: Fixed
Comment by Alexander F. Rødseth (xyproto) - Friday, 24 April 2015, 08:59 GMT
Thanks for reporting. The powerdns package has been updated to 3.4.4 (this release includes the upstream patches) and should appear in [community] shortly.