From 8a31117c0cc6c07aaadfe63f99cfda4c7a6b6ec3 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 23 May 2025 15:23:25 +0000 Subject: [PATCH] dnsdist: Update to 1.9.10 We released PowerDNS DNSdist 1.9.10 today, fixing several bugs including a security issue tracked as CVE-2025-30193 where a remote, unauthenticated attacker can cause a denial of service via a crafted TCP connection. The issue was reported to us via our public IRC channel so once it was clear that the issue had a security impact we prepared to release a new version as soon as possible. While we advise upgrading to a fixed version, a work-around is to temporarily restrict the number of queries that DNSdist is willing to accept over a single incoming TCP connection, via the setMaxTCPQueriesPerConnection directive. Setting it to 50 is a safe choice that does not impact performance in our tests. https://www.dnsdist.org/changelog.html#change-1.9.10 Signed-off-by: Michael Tremer --- lfs/dnsdist | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/dnsdist b/lfs/dnsdist index 6ce6359fa..994707e7b 100644 --- a/lfs/dnsdist +++ b/lfs/dnsdist @@ -26,7 +26,7 @@ include Config SUMMARY = A highly DNS-, DoS- and abuse-aware loadbalancer -VER = 1.9.9 +VER = 1.9.10 THISAPP = dnsdist-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = dnsdist -PAK_VER = 27 +PAK_VER = 28 DEPS = @@ -50,7 +50,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 54517c396d8b5b546e9bcc5890f6df0cfa8470b65d9c7dcece0c7d503fff3fc0d4e2898a7bda8e16f9935279849128293967b38865345fa4c963705b9c9b8cad +$(DL_FILE)_BLAKE2 = ea66ca17ef66ecc64fd3a7379b22c2b0448c2a41f325e574a4edb20dfe408315be84a407b78f30a441479fbbcba31a28da2e310c275877739918ad3f9870acd1 install : $(TARGET) -- 2.39.5