[Pdns-announce] PowerDNS Recursor 4.1.9 Released

Remi Gacogne remi.gacogne at powerdns.com
Mon Jan 21 14:14:37 UTC 2019


Hello everyone,

We are very happy to announce the 4.1.9 release of the PowerDNS
Recursor. This release is fixing two security issues, and addressing a
shortcoming in the way incoming queries are distributed to threads under
heavy load.

This release fixes the following security issues:

- PowerDNS Security Advisory 2019-01 [1] (CVE-2019-3806): Lua hooks are
not called over TCP
- PowerDNS Security Advisory 2019-02 [2] (CVE-2019-3807): DNSSEC
validation is not performed for AA=0 responses

These issues respectively affect PowerDNS Recursor from 4.1.4 and 4.1.0,
up to and including 4.1.8. PowerDNS Recursor 4.0.x and below are not
affected.

Minimal patches are available at [3] and [4].

The changelog [5]:

- #7397: Load the Lua script in the distributor thread, check signature
for AA=0 answers (CVE-2019-3806, CVE-2019-3807)
- #7377: Try another worker before failing if the first pipe was full

The tarball [6] (signature [7]) is available at
https://downloads.powerdns.com/releases/ and packages for CentOS 6 and
7, Debian Jessie and Stretch, Ubuntu Bionic, Trusty and Xenial are
available from https://repo.powerdns.com/.

Please send us all feedback and issues you might have via the mailing
list [8], or in case of a bug, via GitHub [9].

[1]:
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html
|2]:
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html
[3]: https://downloads.powerdns.com/patches/2019-01/
[4]: https://downloads.powerdns.com/patches/2019-02/
[5]: https://doc.powerdns.com/recursor/changelog/4.1.html#change-4.1.9
[6]: https://downloads.powerdns.com/releases/pdns-recursor-4.1.9.tar.bz2
[7]: https://downloads.powerdns.com/releases/pdns-recursor-4.1.9.tar.bz2.sig
[8]: https://mailman.powerdns.com/mailman/listinfo/pdns-users
[9]: https://github.com/PowerDNS/pdns/issues/new

Best regards,
-- 
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-announce/attachments/20190121/9f1554eb/attachment.sig>


More information about the Pdns-announce mailing list