Security Advisory: DSA-3764-1
Package: pdns
CVE IDs: CVE-2016-2120, CVE-2016-7068, CVE-2016-7072, CVE-2016-7073

Summary: Multiple vulnerabilities have been discovered in pdns, an authoritative DNS server. The vulnerabilities include improper validation of records in zones, parsing all records in a query regardless of legitimacy, susceptibility to a denial-of-service vulnerability, and insufficient validation of TSIG signatures.

Impact:
- CVE-2016-2120: An authorized user can crash the server.
- CVE-2016-7068: A remote, unauthenticated attacker can cause CPU usage overload.
- CVE-2016-7072: A remote, unauthenticated attacker can cause a denial of service.
- CVE-2016-7073: An attacker can alter the content of an AXFR.

Affected Versions:
- Stable distribution (jessie): Fixed in version 3.4.1-4+deb8u7.
- Unstable distribution (sid): Fixed in version 4.0.2-1.

Recommendation: Upgrade your pdns packages.