[Pdns-announce] PowerDNS Authoritative Server 4.0.5 and Recursor 4.0.7 Available

Erik Winkels erik.winkels at open-xchange.com
Mon Nov 27 16:08:55 UTC 2017 

Hello everyone,

We're happy to release PowerDNS Authoritative Server 4.0.5 and Recursor 4.0.7 which contain a lot of backports from the 4.1.x branch. These releases also drop support for Botan 1.10 in favor of Botan 2.x.

More importantly there are fixes for the following security advisories:

- Authoritative Server
  - PowerDNS Security Advisory 2017-04[1]: Missing check on API operations (CVE-2017-15091)
- Recursor
  - PowerDNS Security Advisory 2017-03[2]: Insufficient validation of DNSSEC signatures (CVE-2017-15090)
  - PowerDNS Security Advisory 2017-05[3]: Cross-Site Scripting in the web interface (CVE-2017-15092)
  - PowerDNS Security Advisory 2017-06[4]: Configuration file injection in the API (CVE-2017-15093)
  - PowerDNS Security Advisory 2017-07[5]: Memory leak in DNSSEC parsing (CVE-2017-15094)

(We thank Nixu for their discoveries of CVE-2017-15092, CVE-2017-15093 and CVE-2017-15094.)

The full changelogs are available at:

- https://doc.powerdns.com/authoritative/changelog/4.0.html#powerdns-authoritative-server-4-0-5 (authoritative server)
- https://doc.powerdns.com/recursor/changelog/4.0.html#powerdns-recursor-4-0-7 (recursor)

The tarballs are available on downloads.powerdns.com[6] (signature[7]) for the authoritative server and for the recursor on downloads.powerdns.com[8] (signature[9]) and packages for CentOS 6 and 7, Debian Jessie and Stretch, Ubuntu Artful, Trusty, Xenial and Zesty are available from https://repo.powerdns.com.

Please send us all feedback and issues you might have via the mailinglist, or in case of a bug, via GitHub[10].

 1 - https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html
 2 - https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html
 3 - https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html
 4 - https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html
 5 - https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html
 6 - https://downloads.powerdns.com/releases/pdns-4.0.5.tar.bz2
 7 - https://downloads.powerdns.com/releases/pdns-4.0.5.tar.bz2.sig
 8 - https://downloads.powerdns.com/releases/pdns-recursor-4.0.7.tar.bz2
 9 - https://downloads.powerdns.com/releases/pdns-recursor-4.0.7.tar.bz2.sig
10 - https://github.com/PowerDNS/pdns/issues/new

--
Erik Winkels
PowerDNS.COM BV -- https://www.powerdns.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 475 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/pdns-announce/attachments/20171127/272034b6/attachment.sig>

More information about the Pdns-announce mailing list