Date: Tue, 28 Jul 2015 17:01:11 +0100 From: Kiall Mac Innes <kiall@...innes.ie> To: oss-security@...ts.openwall.com Subject: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets Hi, Can I please have a CVE assigned for the following issue: Launchpad Number: 1471161 CVE: TBA Date: July 28, 2015 Title: Designate mDNS DoS through incorrect handling of large RecordSets Reporter: Florian Weimer (Red Hat) Products: Designate Versions: 2015.1.0 through 220.127.116.11b1 Description: Florian Weimer from Red Hat reported a vulnerability in Designate. By creating a single RecordSet that exceeds the configured max allowed DNS packet size, an authenticated user may cause the Designate mDNS service to enter an infinite loop, triggering a DoS. Liberty (development branch) fix: https://review.openstack.org/206578 Kilo fix: https://review.openstack.org/206580 Notes: This fix will be included in a future 18.104.22.168b2 release. References: https://launchpad.net/bugs/1471161 http://lists.openstack.org/pipermail/openstack/2015-July/013548.html -- Kiall Mac Innes, OpenStack Designate PTL
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.