From 4734bf424ceafcec2d9576a37268f72f5de39329 Mon Sep 17 00:00:00 2001 From: Otto Moerbeek Date: Tue, 23 Aug 2022 13:36:02 +0200 Subject: [PATCH] PSA 2022-02 tweaks and add PR#'s --- pdns/recursordist/docs/changelog/4.5.rst | 2 +- pdns/recursordist/docs/changelog/4.6.rst | 2 +- pdns/recursordist/docs/changelog/4.7.rst | 2 +- .../docs/security-advisories/powerdns-advisory-2022-02.rst | 7 +++---- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/pdns/recursordist/docs/changelog/4.5.rst b/pdns/recursordist/docs/changelog/4.5.rst index 424bb3e31e..6beac348cf 100644 --- a/pdns/recursordist/docs/changelog/4.5.rst +++ b/pdns/recursordist/docs/changelog/4.5.rst @@ -7,7 +7,7 @@ Changelogs for 4.5.X .. change:: :tags: Bug Fixes - :pullreq: TBD + :pullreq: 11875,11874 PowerDNS Security Advisory 2022-02: incomplete exception handling related to protobuf message generation. diff --git a/pdns/recursordist/docs/changelog/4.6.rst b/pdns/recursordist/docs/changelog/4.6.rst index 36a04a19e4..aab18814ad 100644 --- a/pdns/recursordist/docs/changelog/4.6.rst +++ b/pdns/recursordist/docs/changelog/4.6.rst @@ -7,7 +7,7 @@ Changelogs for 4.6.X .. change:: :tags: Bug Fixes - :pullreq: TBD + :pullreq: 11876,11874 PowerDNS Security Advisory 2022-02: incomplete exception handling related to protobuf message generation. diff --git a/pdns/recursordist/docs/changelog/4.7.rst b/pdns/recursordist/docs/changelog/4.7.rst index 7b0f19b674..f7553d78dd 100644 --- a/pdns/recursordist/docs/changelog/4.7.rst +++ b/pdns/recursordist/docs/changelog/4.7.rst @@ -6,7 +6,7 @@ Changelogs for 4.7.X .. change:: :tags: Bug Fixes - :pullreq: TBD + :pullreq: 11877,11874 PowerDNS Security Advisory 2022-02: incomplete exception handling related to protobuf message generation. diff --git a/pdns/recursordist/docs/security-advisories/powerdns-advisory-2022-02.rst b/pdns/recursordist/docs/security-advisories/powerdns-advisory-2022-02.rst index 55f03aa46d..0564d1dfe7 100644 --- a/pdns/recursordist/docs/security-advisories/powerdns-advisory-2022-02.rst +++ b/pdns/recursordist/docs/security-advisories/powerdns-advisory-2022-02.rst @@ -13,10 +13,9 @@ PowerDNS Security Advisory 2022-02: incomplete exception handling related to pro This issue only affects recursors which have protobuf logging enabled using the - protobufServer function with logResponses=true or - - outgoingProtobufServer function with logResponses=true +- ``protobufServer`` function with ``logResponses=true`` or +- ``outgoingProtobufServer`` function with ``logResponses=true`` -If either of these functions is used without specifying logResponses, its value is true. +If either of these functions is used without specifying ``logResponses``, its value is ``true``. An attacker needs to have access to the recursor, i.e. the remote IP must be in the access control list. If an attacker queries a name that leads to an answer with specific properties, a protobuf message might be generated that causes an exception. The code does not handle this exception correctly, causing a denial of service. -- 2.47.2