From pieter.lexis at powerdns.com Wed Sep 2 13:24:48 2015
From: pieter.lexis at powerdns.com (Pieter Lexis)
Date: Wed, 2 Sep 2015 15:24:48 +0200
Subject: [Pdns-announce] PowerDNS Security Advisory 2015-02
Message-ID: <55E6F8A0.9030507@powerdns.com>

Hi all,

We'd like to make you aware of Security Advisory 2015-02 for PowerDNS.

A bug was recently found in our DNS packet parsing/generation code, which, when exploited, can cause individual threads (disabling service) or whole processes (allowing a supervisor to restart them) to crash with just one or a few query packets.

* CVE: CVE-2015-5230
* Date: 2nd of September 2015
* Credit: Pyry Hakulinen and Ashish Shakla at Automattic
* Affects: PowerDNS Authoritative Server 3.4.0 through 3.4.5
* Not affected: PowerDNS Authoritative Server 3.4.6
* Severity: High
* Impact: Degraded service or Denial of service
* Exploit: This problem can be triggered by sending specially crafted query packets
* Risk of system compromise: No
* Solution: Upgrade to a non-affected version
* Workaround: Run the Authoritative Server inside a supervisor when `distributor-threads` is set to `1` to prevent Denial of Service. No workaround for the degraded service exists.

PowerDNS Authoritative Server 3.4.0-3.4.5 are affected. No other versions are affected. The PowerDNS Recursor is not affected.

PowerDNS Authoritative Server 3.4.6 contains a fix to this issue. A minimal patch is available [1].

This issue is entirely unrelated to Security Advisory 2015-01/CVE-2015-1868.

We'd like to thank Pyry Hakulinen and Ashish Shakla at Automattic for finding and subsequently reporting this bug.

1 - https://downloads.powerdns.com/patches/2015-02/

--
Pieter Lexis
PowerDNS.COM BV - https://www.powerdns.com

From bert.hubert at powerdns.com Wed Sep 9 11:37:36 2015
From: bert.hubert at powerdns.com (bert hubert)
Date: Wed, 9 Sep 2015 13:37:36 +0200
Subject: [Pdns-announce] Conferences, various
Message-ID: <20150909113735.GC25721@xs.powerdns.com>

Hi everybody,

We try not to bore you too much with announcements, so here is a bundle:

* Tomorrow this Thursday I'll be at the 'security summit at the beach', https://www.ssatb.nl/ in The Hague. If you or any of your coworkers are there, please find me!

* Next week on Wednesday September 16th we are at the Liberty Global Tech Summit in Amsterdam, https://www.libertyglobaltechsummit.com/ and again, we'd love to meet you if you are there.

* Friday 18th of September, most of us will be at the NLNOG day 2015, http://nlnog.net/nlnog-dag-2015/ . Both Peter and I are presenting. This is at Leaseweb in Amsterdam.

* October 8 and 9 we are in Berlin at the Open-Xchange summit, http://summit.open-xchange.com/ and as previously announced, there will be a PowerDNS meetup there too. http://blog.powerdns.com/2015/07/15/powerdns-at-open-xchange-summit-in-berlin-8-9-october-2015/ has the details. A few people have already let us know they'll be there, we'd love to hear from you!

* We're still looking for great people! Please take a look at https://www.powerdns.com/careers.html to see if you or anyone you know might be a match. Please spread the word!

Cheers,

Bert