[Pdns-announce] PowerDNS Authoritative Server 4.0.6 & 4.1.5 and Recursor 4.0.9 & 4.1.5 Released

Erik Winkels erik.winkels at open-xchange.com
Tue Nov 6 22:27:37 UTC 2018


Hello everyone,

We’ve released PowerDNS Authoritative Server 4.0.6 & 4.1.5 and Recursor 4.0.9 & 4.1.5.
 
These are security releases with additional minor improvements and bug fixes.

Minimal patches for the releases are available at https://downloads.powerdns.com/patches/.

The changelogs look as follows (and can also be read at https://blog.powerdns.com/):

# Authoritative Server 4.1.5

This release fixes the following security advisories:

- PowerDNS Security Advisory 2018-03 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html) (CVE-2018-10851)
- PowerDNS Security Advisory 2018-05 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html) (CVE-2018-14626)

## Improvements

- Apply alias scopemask after chasing
- Release memory in case of error in the openssl ecdsa constructor
- Switch to devtoolset 7 for el6

## Bug Fixes

- Crafted zone record can cause a denial of service (CVE-2018-10851)
- Packet cache pollution via crafted query (CVE-2018-14626)
- Fix compilation with libressl 2.7.0+
- Actually truncate truncated responses

# Authoritative Server 4.0.6

This release fixes PowerDNS Security Advisory 2018-03 (https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html) (CVE-2018-10851).

## Bug fixes

- Crafted zone record can cause a denial of service (CVE-2018-10851)
- Skip v6-dependent test when pdns_test_no_ipv6 is set in environment
- Fix el6 builds

## Improvements

- Prevent cname + other data with dnsupdate
- Switch to devtoolset 7 for el6

# Recursor 4.1.5

This release fixes the following security advisories:

- PowerDNS Security Advisory 2018-04 (https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html) (CVE-2018-10851)
- PowerDNS Security Advisory 2018-06 (https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html) (CVE-2018-14626)
- PowerDNS Security Advisory 2018-07 (https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html) (CVE-2018-14644)

## Improvements

- Add pdnslog to lua configuration scripts (Chris Hofstaedtler)
- Fix compilation with libressl 2.7.0+
- Export outgoing ECS value and server ID in protobuf (if any)
- Switch to devtoolset 7 for el6
- Allow the signature inception to be off by a number of seconds (Kees Monshouwer)

## Bug Fixes

- Crafted answer can cause a denial of service (CVE-2018-10851)
- Packet cache pollution via crafted query (CVE-2018-14626)
- Crafted query for meta-types can cause a denial of service (CVE-2018-14644)
- Delay the creation of rpz threads until we have dropped privileges
- Cleanup the netmask trees used for the ecs index on removals
- Make sure that the ecs scope from the auth is < to the source
- Authority records in aa=1 cname answer are authoritative
- Avoid a memory leak in catch-all exception handler
- Don’t require authoritative answers for forward-recurse zones
- Release memory in case of error in the openssl ecdsa constructor
- Convert a few uses to toLogString to print DNSName’s that may be empty in a safer manner
- Avoid a crash on DEC Alpha systems
- Clear all caches on (N)TA changes

# Recursor 4.0.9

This release fixes the following security advisories:

- PowerDNS Security Advisory 2018-04 (https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html) (CVE-2018-10851)
- PowerDNS Security Advisory 2018-06 (https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html) (CVE-2018-14626)
- PowerDNS Security Advisory 2018-07 (https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html) (CVE-2018-14644)

## Bug fixes

- Crafted answer can cause a denial of service (CVE-2018-10851)
- Packet cache pollution via crafted query (CVE-2018-14626)
- Crafted query for meta-types can cause a denial of service (CVE-2018-14644)

# Additional Information

The tarballs and signatures are available at https://downloads.powerdns.com/releases/ and packages for CentOS 6 and 7, Debian Jessie and Stretch, Ubuntu Bionic, Trusty and Xenial are available from https://repo.powerdns.com/.  Rapberry PI packages will follow tomorrow.
 
Please send us all feedback and issues you might have via https://mailman.powerdns.com/mailman/listinfo/pdns-users, or in case of a bug, via https://github.com/PowerDNS/pdns/issues/new.

-- 
Erik Winkels
PowerDNS.COM BV -- https://www.powerdns.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 475 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/pdns-announce/attachments/20181106/17735237/attachment.sig>


More information about the Pdns-announce mailing list