Date: Tue, 28 Jul 2015 17:01:11 +0100 From: Kiall Mac Innes <kiall@...innes.ie> To: oss-security@...ts.openwall.com Subject: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets Hi, Can I please have a CVE assigned for the following issue: Launchpad Number: 1471161 CVE: TBA Date: July 28, 2015 Title: Designate mDNS DoS through incorrect handling of large RecordSets Reporter: Florian Weimer (Red Hat) Products: Designate Versions: 2015.1.0 through 18.104.22.168b1 Description: Florian Weimer from Red Hat reported a vulnerability in Designate. By creating a single RecordSet that exceeds the configured max allowed DNS packet size, an authenticated user may cause the Designate mDNS service to enter an infinite loop, triggering a DoS. Liberty (development branch) fix: https://review.openstack.org/206578 Kilo fix: https://review.openstack.org/206580 Notes: This fix will be included in a future 22.214.171.124b2 release. References: https://launchpad.net/bugs/1471161 http://lists.openstack.org/pipermail/openstack/2015-July/013548.html -- Kiall Mac Innes, OpenStack Designate PTL
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ