[dns-operations] CVE-2015-7547: glibc getaddrinfo buffer overflow

bert hubert bert.hubert at powerdns.com
Wed Feb 17 13:13:00 UTC 2016

On Wed, Feb 17, 2016 at 01:14:00PM +0100, Ralf Weber wrote:
> > It might be reasonable to limit the size of A and AAAA RRsets to somewhat
> > less than 2KB :-) But right now it's easier (with the software I'm
> > running) to fix glibc than add the necessary nameserver feature :-/
> It all depends of the software you are using ;-). And while it is possible
> to implement such a policy with our (Nominum) software and possibly others

PowerDNS has provided a script which we will continue to update as we learn


Of course we are with Ralf that anyone should be updating their C
libraries as soon as possible. But otherwise, there is this script.


More information about the dns-operations mailing list