SB2019062418 - Resource exhaustion in pdns (Alpine package)
Published: June 24, 2019
Security Bulletin ID
SB2019062418
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource exhaustion (CVE-ID: CVE-2019-10163)
The vulnerability allows a remote authenticated user to perform service disruption.
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=d07daf002340b69050f8b8f14bc5e0acb32f5a1a
- https://git.alpinelinux.org/aports/commit/?id=d581004a130816a57ab1b24bc72f87f8640bf053
- https://git.alpinelinux.org/aports/commit/?id=e94f8bfe370e4ccfdef25da5172beb314a0333f2
- https://git.alpinelinux.org/aports/commit/?id=634dbf6dd0672c74aac2102c289cbecfb29472b4
- https://git.alpinelinux.org/aports/commit/?id=b8d81030dc9fbd092647bd1c73901b0c7cbcfb41