Package "pdns-recursor"

  pdns-recursor (3.5.3-1ubuntu0.1) trusty-security; urgency=high

  * SECURITY UPDATE:
  * References
  * CVE-2014-8601: PowerDNS Recursor before 3.6.2 does not limit delegation
    chaining, which allows remote attackers to cause a denial of service
    ("performance degradations") via a large or infinite number of referrals,
    as demonstrated by resolving domains hosted by ezdns.it.
    - Added debian/patches/CVE-2014-8601.patch
  * CVE-2015-1868: The label decompression functionality in PowerDNS Recursor
    3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth)
    Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote
    attackers to cause a denial of service (CPU consumption or crash) via a
    request with a name that refers to itself.
    - Added debian/patches/CVE-2015-1868.patch
  * CVE-2015-5470: The label decompression functionality in PowerDNS Recursor
    before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before
    3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of
    service (CPU consumption or crash) via a request with a long name that
    refers to itself. NOTE: this vulnerability exists because of an incomplete
    fix for CVE-2015-1868.
    - Added debian/patches/CVE-2015-1868-2.patch
  * CVE-2016-7068: Florian Heinz and Martin Kluge reported that pdns-recursor
    parses all records present in a query regardless of whether they are
    needed or even legitimate, allowing a remote, unauthenticated attacker to
    cause an abnormal CPU usage load on the pdns server, resulting in a
    partial denial of service if the system becomes overloaded.
    - Added debian/patches/CVE-2016-7068.patch
  * Add debian/patches/qtypes.patch so qtypes required for CVE-2016-7068.patch
    are available

 -- Scott Kitterman <email address hidden> Fri, 13 Jan 2017 15:20:50 -0500