Package        : pdns
Version        : 3.4.1-4+deb8u10
CVE ID         : CVE-2019-10162 CVE-2019-10163


Two vulnerabilities have been discovered in pdns, an authoritative DNS
server which may result in denial of service via malformed zone records
and excessive NOTIFY packets in a master/slave setup.

CVE-2019-10162

    An issue has been found in PowerDNS Authoritative Server allowing
    an authorized user to cause the server to exit by inserting a
    crafted record in a MASTER type zone under their control. The issue
    is due to the fact that the Authoritative Server will exit when it
    runs into a parsing error while looking up the NS/A/AAAA records it
    is about to use for an outgoing notify.

CVE-2019-10163

    An issue has been found in PowerDNS Authoritative Server allowing
    a remote, authorized master server to cause a high CPU load or even
    prevent any further updates to any slave zone by sending a large
    number of NOTIFY messages. Note that only servers configured as
    slaves are affected by this issue.

For Debian 8 "Jessie", these problems have been fixed in version
3.4.1-4+deb8u10.

We recommend that you upgrade your pdns packages.

For the detailed security status of pdns please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/pdns

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


- -- 
Jonas Meurer