- Status Closed
- Percent Complete
- Task Type Securing
- Category Involved Service
FS#1134 - FDNS3+4 Upgrade 3.6.0 -> 3.6.1 CVE-2014-3614
Issue: A specific sequence of packets can crash PowerDNS Recursor 3.6.0 remotely
CVE: CVE-2014-3614
Affected: All deployments of PowerDNS Recursor 3.6.0
Not Affected:
PowerDNS Authoritative Server, PowerDNS Recursor versions other than 3.6.0
Workaround:
1) Only users from netmasks specified in 'allow-from' can cause the crash
2) add automated restarting
Remediation:
Upgrade to 3.6.1, or apply our minimal patch and recompile
Distributions shipping 3.6.0 have been notified and will be providing updates very soon
CVE: CVE-2014-3614
Affected: All deployments of PowerDNS Recursor 3.6.0
Not Affected:
PowerDNS Authoritative Server, PowerDNS Recursor versions other than 3.6.0
Workaround:
1) Only users from netmasks specified in 'allow-from' can cause the crash
2) add automated restarting
Remediation:
Upgrade to 3.6.1, or apply our minimal patch and recompile
Distributions shipping 3.6.0 have been notified and will be providing updates very soon
Closed by Admin
Friday, 12 September 2014, 07:14 GMT
Reason for closing: Finished
Additional comments about closing: Upgrade done
Friday, 12 September 2014, 07:14 GMT
Reason for closing: Finished
Additional comments about closing: Upgrade done