Debian 9821 Published by

A maradns security update has been released for Debian GNU/Linux 10 LTS to address two security issues.

[SECURITY] [DLA 3457-1] maradns security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3457-1 Bastien Roucariès
June 19, 2023
- -------------------------------------------------------------------------

Package : maradns
Version : 2.0.13-1.2+deb10u1
CVE ID : CVE-2022-30256 CVE-2023-31137
Debian Bug : 1033252 1035936

MaraDNS is a small and lightweight cross-platform open-source DNS server.


A revoked domain name (so called "Ghost" domain name) can still be
resolvable for a long time by staying in the cache longer than
max_ttl allows. "Ghost" domain names includes expired domains
and taken-down malicious domains.


The authoritative server in MaraDNS had an issue where it is
possible to remotely terminate the MaraDNS process with a
specialy crafted packet (so called "packet of death").

For Debian 10 buster, these problems have been fixed in version

We recommend that you upgrade your maradns packages.

For the detailed security status of maradns please refer to
its security tracker page at:

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: