oss-sec mailing list archives

Re: Follow up: PowerDNS Security Advisory 2015-01

From: Alessandro Ghedini <alessandro () ghedini me>
Date: Tue, 7 Jul 2015 16:00:18 +0200

On Tue, Jul 07, 2015 at 11:28:48AM +0200, Pieter Lexis wrote:

Hi all,

We've updated our security advisory regarding CVE-2015-1868[1].
Toshifumi Sakaguchi discovered that our fix for this CVE was
insufficient in some cases with specially crafted packets.

Last month we released patched versions[2] and we've now updated the
Advisory to reflect this. If you have not updated yet, we advice again
to update.

1 - https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
2 -
http://blog.powerdns.com/2015/06/09/authoritative-server-3-4-5-3-3-3-and-recursor-3-7-3-3-6-4-released/


I think this should get a new CVE assigned due to the original patch being
incomplete (I've added cve-assign to CC).

Cheers

Attachment: signature.asc
Description: Digital signature

Current thread:

Follow up: PowerDNS Security Advisory 2015-01 Pieter Lexis (Jul 07)
- Re: Follow up: PowerDNS Security Advisory 2015-01 Alessandro Ghedini (Jul 07)
- Re: Follow up: PowerDNS Security Advisory 2015-01 cve-assign (Jul 10)