Your message dated Wed, 21 May 2025 21:34:44 +0000
with message-id <e1uhr5i-002su2...@fasolo.debian.org>
and subject line Bug#1106207: fixed in dnsdist 1.9.10-1
has caused the Debian Bug report #1106207,
regarding dnsdist: CVE-2025-30193
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1106207: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106207
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: dnsdist
Version: 1.9.9-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/PowerDNS/pdns/pull/15572
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for dnsdist.

CVE-2025-30193[0]:
| In some circumstances, when DNSdist is configured to allow an
| unlimited number of queries on a single, incoming TCP connection
| from a client, an attacker can cause a denial of service by crafting
| a TCP exchange that triggers an exhaustion of the stack and a crash
| of DNSdist, causing a denial of service.  The remedy is: upgrade to
| the patched 1.9.10 version.  A workaround is to restrict the maximum
| number of queries on incoming TCP connections to a safe value, like
| 50, via the setMaxTCPQueriesPerConnection setting.  We would like to
| thank Renaud Allard for bringing this issue to our attention.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-30193
    https://www.cve.org/CVERecord?id=CVE-2025-30193
[1] https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-03.html
[2] https://github.com/PowerDNS/pdns/pull/15572

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
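
A defender-side check for the remedy and workaround named in the advisory text above, as an added example (not part of the bug report, the Debian package or dnsdist itself): it reports whether an installed version is the patched 1.9.10 or later and, if not, whether `setMaxTCPQueriesPerConnection` is set in the configuration. The sample configuration is constructed, and treating a missing setting or a value of 0 as "unlimited" is an assumption.

```python
import re

PATCHED = (1, 9, 10)  # patched upstream release named in the advisory
SAFE_MAX = 50         # "safe value" suggested in the advisory text

def upstream_version(deb_version):
    """'1.9.9-1' -> (1, 9, 9): drop any epoch and the Debian revision."""
    upstream = deb_version.split(":", 1)[-1].rsplit("-", 1)[0]
    return tuple(int(p) for p in re.findall(r"\d+", upstream)[:3])

def strip_lua_comments(text):
    """Remove Lua block and line comments (ignores '--' inside strings)."""
    text = re.sub(r"--\[\[.*?\]\]", "", text, flags=re.S)
    return re.sub(r"--[^\n]*", "", text)

def tcp_query_limit(conf_text):
    """Value of the last uncommented setMaxTCPQueriesPerConnection(N), or None."""
    calls = re.findall(r"\bsetMaxTCPQueriesPerConnection\s*\(\s*(\d+)\s*\)",
                       strip_lua_comments(conf_text))
    return int(calls[-1]) if calls else None

def audit(deb_version, conf_text):
    """Classify one host against the remedy and workaround for CVE-2025-30193."""
    if upstream_version(deb_version) >= PATCHED:
        return "patched"
    limit = tcp_query_limit(conf_text)
    if limit is None or limit == 0:  # assumption: unset or 0 means unlimited
        return "exposed: unlimited queries per TCP connection"
    if limit > SAFE_MAX:
        return f"review: limit {limit} is above {SAFE_MAX}"
    return f"workaround in place: limit {limit}"

# Constructed sample dnsdist.conf: the only limit is commented out.
SAMPLE_CONF = """\
setLocal('192.0.2.53:53')
newServer({address='198.51.100.10:53'})
-- setMaxTCPQueriesPerConnection(50)   (commented out: has no effect)
"""

if __name__ == "__main__":
    for version in ("1.9.9-1", "1.9.10-1"):
        print(version, "->", audit(version, SAMPLE_CONF))
    fixed_conf = SAMPLE_CONF + "setMaxTCPQueriesPerConnection(50)\n"
    print("1.9.9-1 with workaround ->", audit("1.9.9-1", fixed_conf))
```
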
--- Begin Message ---
Source: dnsdist
Source-Version: 1.9.10-1
Done: Chris Hofstaedtler <z...@debian.org>

We believe that the bug you reported is fixed in the latest version of
dnsdist, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1106...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Hofstaedtler <z...@debian.org> (supplier of updated dnsdist package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 21 May 2025 10:30:17 +0200
Source: dnsdist
Architecture: source
Version: 1.9.10-1
Distribution: unstable
Urgency: medium
Maintainer: dnsdist packagers <dnsd...@packages.debian.org>
Changed-By: Chris Hofstaedtler <z...@debian.org>
Closes: 1106207
Changes:
 dnsdist (1.9.10-1) unstable; urgency=medium
 .
   * New upstream version 1.9.10 including fix for CVE-2025-30193
     (Closes: #1106207)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
