[Pdns-announce] PowerDNS Authoritative Server 3.4.11 released

Pieter Lexis pieter.lexis at powerdns.com
Fri Jan 13 12:05:39 UTC 2017


Hello everyone,

Today, we are releasing version 3.4.11 of the PowerDNS Authoritative Server. This release fixes several security issues that were reported to PowerDNS.

It concerns the following security advisories:

 * 2016-02: Crafted queries can cause abnormal CPU usage[1]
 * 2016-03: Denial of service via the web server[2]
 * 2016-04: Insufficient validation of TSIG signatures[3]
 * 2016-05: Crafted zone record can cause a denial of service[4]

For those who cannot update, minimal patches are available[5,6,7,8].

The full changelog is online[9] and reproduced here:

 * Don't parse spurious RRs in queries when we don't need them (Security Advisory 2016-02)
 * Don't exit if the webserver can't accept a connection (Security Advisory 2016-03)
 * Fix TSIG computation (Security Advisory 2016-04)
 * Correctly check unknown record content size (Security Advisory 2016-05)
 * Fix a possible memory leak in the webserver
 * Lowercase the qname in getDomainInfo() and isMaster()
 * Don't look up the packet cache for TSIG-enabled queries
 * Fix a stack-based off-by-one write in the HTTP remote backend

Tarballs with sources are available (with signatures)[10,11] and we urge all users to upgrade to this new version.

Best regards,

The PowerDNS team.

1 - https://doc.powerdns.com/3/security/powerdns-advisory-2016-02
2 - https://doc.powerdns.com/3/security/powerdns-advisory-2016-03
3 - https://doc.powerdns.com/3/security/powerdns-advisory-2016-04
4 - https://doc.powerdns.com/3/security/powerdns-advisory-2016-05
5 - https://downloads.powerdns.com/patches/2016-02
6 - https://downloads.powerdns.com/patches/2016-03
7 - https://downloads.powerdns.com/patches/2016-04
8 - https://downloads.powerdns.com/patches/2016-05
9 - https://doc.powerdns.com/3/changelog/#powerdns-authoritative-server-3411
10 - https://downloads.powerdns.com/releases/pdns-3.4.11.tar.bz2
11 - https://downloads.powerdns.com/releases/pdns-3.4.11.tar.bz2.sig

-- 
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com