[Pdns-announce] PowerDNS Authoritative Server 2.9.21.2 Security Upgrade
bert hubert
bert.hubert at netherlabs.nl
Tue Nov 18 14:01:17 UTC 2008
Authoritative Server version 2.9.21.2
Released on the 18th of November 2008.
Downloadable from:
http://downloads.powerdns.com/releases/pdns-2.9.21.2.tar.gz
http://downloads.powerdns.com/releases/deb/stable/pdns-static_2.9.21.2-1_i386.deb
http://downloads.powerdns.com/releases/rpm/pdns-static-2.9.21.2-1.i386.rpm
This release consists of a single patch to PowerDNS Authoritative Server
version 2.9.21.1. In some configurations, notably with configuration option
'distributor-threads=1', the PowerDNS Authoritative Server crashes easily in
some error conditions.
All users are urged to upgrade. Even though PowerDNS restarts itself on
encountering such error conditions, and even though most PowerDNS
configurations do not run in single threaded mode, an upgrade is
recommended.
More detauls:
Daniel Drown discovered that his PowerDNS 2.9.21.1 installation crashed on
receiving a HINFO CH query. In his enthousiasm, he shared his discovery with
the world, forcing a rapid over the weekend release cycle.
While we thank Daniel for his discovery, please study our security policy as
outlined in http://doc.powerdns.com/security-policy.html before making
vulnerabilities public.
It is believed that this issue only impacts PowerDNS Authoritative Servers
operating with 'distributor-threads=1', but even on other configurations a
database reconnect occurs on receiving a CH HINFO query.
--
http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services
More information about the Pdns-announce
mailing list