- What: A security update is available for pdns-recursor to address two denial-of-service vulnerabilities when processing malformed zone files.
- Impact: Systems running vulnerable versions of pdns-recursor may be susceptible to denial-of-service attacks.
[SECURITY] [DSA 6134-1] pdns-recursor security update To : debian-security-announce@lists.debian.org Subject : [SECURITY] [DSA 6134-1] pdns-recursor security update From : Moritz Muehlenhoff < jmm@debian.org > Date : Fri, 13 Feb 2026 19:12:18 +0000 Message-id : < [🔎] aY93ksm8okiSlUP9@seger.debian.org > Reply-to : debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6134-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 13, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : pdns-recursor CVE ID : CVE-2026-0398 CVE-2026-24027 Two vulnerabiliites have been discovered in PDNS Recursor, a resolving name server which result result in denial of service when processing a malformed zone file. For the stable distribution (trixie), these problems have been fixed in version 5.2.8-0+deb13u1. We recommend that you upgrade your pdns-recursor packages. For the detailed security status of pdns-recursor please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pdns-recursor Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmmPdIwACgkQEMKTtsN8 TjbulQ//bOSIZP7kNx4QLatoTz+DzE3vpt7B+UhZYvcAuoFt/o5cWHom1sD6P/QF 4iqxD4wHaJcr8TLCL4hnHSu6dBR6Co6jSGj8AUt7ZTCa4v0vIOBFH0/kfAb227YJ NLadUT6NxAEypCz3CtnUrbtZ2pXPcK0fIkNtUe3UokTgqw5qtJjv33KPGekaWpbv 8zMNsMAvTb9fqecUulfeKpFPBpfBUkM8XhvltvNBKsHZmQxrimfXLexu9KzLpDXg k5dzU/lGerknZTsAAUmbu3Z343Z9HaaEgrZv2lKCmeXXUtpFnrZq/qcEvEULp9JN VbkD7QTXVsnVyyiabn3BmjWq4FFaYWanNVsTuZici88Hi+eKvhdq1Rw+Mx4xqqEp fvPJ/Wrz6owvVwTDKcHUYWzCF1vG2CDjC58fAqVSoVJ7OWrEyMlrrqBxOK4UNrk6 C5m0V8mMpjQzCiAePoZGzuogZe13m05C/EQ47a7CdifD9xGoqnjG/3pIxsFLl51z EAC14QqNKW+DZ0oESF9DusMleeqxuG62sQ+R+wa0p4bzaN6bmv6TXXlFEnvXT7MC LR8PjwF+ZTgpEAj/qNP4Buwv9ddQafCQpW/7U/lnjq/zeR3wQuBGPQM45xG8f0ag 3xlKFTCVXDTkPkObbprvWOBpAHEAJw41CQ3LxME+CQCkY+jyRTU= =/bKG -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6133-1] postgresql-17 security update Previous by thread: [SECURITY] [DSA 6133-1] postgresql-17 security update Index(es): Date Thread