Hi,
On 17-02-16 14:38, bert hubert wrote:
> On Wed, Feb 17, 2016 at 02:12:51PM +0100, Nick Douma wrote:
>> What about the static debian package on the website? I assume updating
>> the OS libc package is not enough?
>
> Check with ldd /usr/sbin/pdns_server or /usr/sbin/pdns_recursor to see if
> y
On Wed, Feb 17, 2016 at 02:12:51PM +0100, Nick Douma wrote:
> What about the static debian package on the website? I assume updating
> the OS libc package is not enough?
Hi Nick,
Good question. It turns out our recent static packages in fact link to the
system libc. We call these 'semi-static', b
Hi,
On 17-02-16 13:56, bert hubert wrote:
> In short, this is a vulnerability not in PowerDNS products but in the Linux
> C library. This vulnerability could be exploited if it would be possible to
> relay specifically crafted records to Linux clients.
>
> Please let us know if you have further qu
Since yesterday we have been following and studying CVE-2015-7547. More
about which on
https://googleonlinesecurity.blogspot.nl/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
In short, this is a vulnerability not in PowerDNS products but in the Linux
C library. This vulnerability could be expl