{"id":"MGASA-2017-0036","summary":"Updated pdns-recursor packages fix security vulnerability","details":"Florian Heinz and Martin Kluge reported that pdns-recursor parses all\nrecords present in a query regardless of whether they are needed or even\nlegitimate, allowing a remote, unauthenticated attacker to cause an\nabnormal CPU usage load on the pdns server, resulting in a partial\ndenial of service if the system becomes overloaded (CVE-2016-7068).\n","modified":"2026-01-31T21:51:15.610254Z","published":"2017-02-02T19:17:14Z","related":["CVE-2016-7068"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0036.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20127"},{"type":"REPORT","url":"https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/"},{"type":"REPORT","url":"https://www.debian.org/security/2017/dsa-3763"}],"affected":[{"package":{"name":"pdns-recursor","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/pdns-recursor?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.4-1.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0036.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}