Hi all,
Two work-arounds are available:
The full security advisory is provided below, and can also be
found at
https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2024-03.html
A minimal patch can also be found here:
https://downloads.powerdns.com/patches/2024-03/
Please feel free to contact me directly if you have any question.
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
==================================================================================================================
- CVE: CVE-2024-25581
- Date: May 13th 2024
- Not affected: PowerDNS DNSdist 1.9.4
- Severity: High (only in specific configurations, see below)
- Impact: Denial of service
- Risk of system compromise: None
Two workarounds are available: