[Pdns-announce] PowerDNS Authoritative Server 2.9.21.2 Security Upgrade

bert hubert bert.hubert at netherlabs.nl
Tue Nov 18 14:01:17 UTC 2008


Authoritative Server version 2.9.21.2

Released on the 18th of November 2008.

Downloadable from:
	http://downloads.powerdns.com/releases/pdns-2.9.21.2.tar.gz
	http://downloads.powerdns.com/releases/deb/stable/pdns-static_2.9.21.2-1_i386.deb
	http://downloads.powerdns.com/releases/rpm/pdns-static-2.9.21.2-1.i386.rpm

This release consists of a single patch to PowerDNS Authoritative Server
version 2.9.21.1. In some configurations, notably with configuration option
'distributor-threads=1', the PowerDNS Authoritative Server crashes easily in
some error conditions.

All users are urged to upgrade. Even though PowerDNS restarts itself on
encountering such error conditions, and even though most PowerDNS
configurations do not run in single threaded mode, an upgrade is
recommended.

More detauls:

Daniel Drown discovered that his PowerDNS 2.9.21.1 installation crashed on
receiving a HINFO CH query. In his enthousiasm, he shared his discovery with
the world, forcing a rapid over the weekend release cycle.

While we thank Daniel for his discovery, please study our security policy as
outlined in http://doc.powerdns.com/security-policy.html before making
vulnerabilities public.

It is believed that this issue only impacts PowerDNS Authoritative Servers
operating with 'distributor-threads=1', but even on other configurations a
database reconnect occurs on receiving a CH HINFO query.


-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services


More information about the Pdns-announce mailing list